Back to skill

Security audit

Voice For Openclaw Publish

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud text-to-speech helper that sends text to MiniMax and can send generated audio to Telegram or Feishu, which matches its stated purpose.

Install only if you are comfortable sending the text you synthesize to MiniMax. Configure Telegram credentials only when you intentionally want generated voice messages posted to that chat, use --generate-only for local output, avoid secrets or regulated content, and keep the .env file private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill declares sensitive capabilities in metadata requirements and documented commands, including environment secret use, shell execution, file output, and outbound network access, but does not surface an explicit permissions model for users or agents. That increases the chance of users enabling a skill without understanding it can read secrets, write files, and transmit data externally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill encourages sending generated audio through MiniMax, Telegram, and Feishu, but the documentation does not clearly warn that user-provided text and derived audio may be transmitted to third-party services. This can lead to unintended disclosure of sensitive or regulated content if users assume processing is local.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The script transmits generated audio and optional caption text to Telegram without any explicit user-facing notice at the point of transmission. In an agent setting, this can cause unintentional disclosure of sensitive content if the caller assumes the operation is local TTS generation only.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The function sends arbitrary input text to a third-party TTS service, which can expose sensitive user content off-host if the caller is unaware of the network transfer. In a voice-generation skill this behavior is expected, but the lack of an explicit user-facing disclosure/consent mechanism makes accidental data exfiltration of prompts, secrets, or private messages plausible.

External Transmission

Medium
Category
Data Exfiltration
Content
try:
        print(f"Generating speech...", file=sys.stderr)
        resp = requests.post(url, headers=headers, json=data, timeout=120)
        resp.raise_for_status()
        result = resp.json()
Confidence
95% confidence
Finding
requests.post(url, headers=headers, json=

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.