Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TTS AutoPlay with Wake Word

v2.0.1

Auto-play TTS voice files with wake word detection. Only plays audio when user message contains wake words like "语音", "念出来", "voice", etc. Perfect for Webcha...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
Requiring PowerShell on Windows is appropriate for a PowerShell-based TTS autoplay skill, but the SKILL.md repeatedly instructs the user/agent to run local scripts (install.ps1, tts-autoplay-wakeword.ps1, etc.) while the package as provided contains only documentation files and no .ps1 scripts. That mismatch (instructions assume code that isn't present) is an incoherence and increases risk.
! Instruction Scope
The runtime instructions direct running PowerShell with ExecutionPolicy Bypass and describe implementations that read session history, monitor local TTS file directories (e.g., C:\tmp\openclaw) and edit ~/.openclaw/openclaw.json. Reading session/chat history and continuous filesystem monitoring are within the feature scope, but they access potentially sensitive chat logs and the instructions give broad authority to run unreviewed scripts — this should be audited. The skill also claims 'No external API calls' but without the scripts present this claim cannot be validated.
Install Mechanism
This is an instruction-only skill (no install spec in registry). SKILL.md shows install/run commands that execute local PowerShell scripts. Running PowerShell with '-ExecutionPolicy Bypass -File' is common but elevates the impact of malicious scripts. Because the actual scripts are not bundled, the install step would require pulling code from the referenced repo or running commands that will fail — verify the source before running.
! Credentials
The skill declares no required environment variables or config paths, yet the documentation instructs editing and reading openclaw.json and session/log files. Accessing chat history/config files is reasonable for wake-word detection, but those paths should be declared. The absence of declared config/paths is an inconsistency that reduces transparency about what will be accessed.
! Persistence & Privilege
The skill suggests running long‑running/monitoring PowerShell scripts that would persistently watch directories and potentially read recent session history. While 'always' is false, persistent local monitoring with access to chat logs is a meaningful privilege; confirm whether the installed scripts run as background services, what account they use, and ensure they don't alter other skills' configs.
What to consider before installing
Do not run the 'powershell -ExecutionPolicy Bypass -File ...' commands until you obtain and review the actual .ps1 scripts. Steps to take before installing:

- Verify source: visit the GitHub homepage linked in the SKILL.md and ensure the repo is the official one and contains the expected scripts.
- Inspect scripts: open install.ps1, tts-autoplay-wakeword.ps1, uninstall.ps1 and any files they call. Look for network calls, encoded/obfuscated code, or commands that upload data or modify system-wide settings.
- Check data access: confirm exactly which files/logs the scripts read (openclaw.json, chat logs, C:\tmp\openclaw) and whether that level of access is acceptable for your environment.
- Avoid blind execution: do not run scripts with ExecutionPolicy Bypass unless you trust and have reviewed them. Run them in a sandboxed/testing machine first.
- Prefer the 'tagged' approach: the docs recommend using auto: "tagged" and having the model add [[tts]] tags (simpler, avoids session-history monitoring). Consider implementing wake-word logic inside the AI skill (add [[tts]] on wake words) rather than running a persistent process that reads chat logs.

What would change this assessment: provide the actual PowerShell script sources (install.ps1, tts-autoplay-wakeword.ps1, tts-autoplay.ps1). If those scripts are small, local, transparent (no network/exfiltration), and only read the declared TTS dirs and openclaw.json, the rating could be upgraded to benign.

Like a lobster shell, security has layers — review code before you run it.

Tags: audio, autoplay, latest, powershell, tts, voice, wake-word, webchat, windows

Runtime requirements

🔊 Clawdis
OS: Windows
Bins: powershell