Skill v1.0.0
ClawScan security
XunFei Voice Reply · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 14, 2026, 1:29 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is generally what it claims (a Xunfei TTS → Feishu voice-reply helper), but there are inconsistencies and some risky choices you should review before installing.
- Guidance
  - This skill appears to implement Xunfei TTS correctly, but review the following before installing:
    - Metadata mismatch: the registry claims no env vars are required, but SKILL.md and the code require XUNFEI_APP_ID, XUNFEI_API_KEY, and XUNFEI_API_SECRET. Don't proceed unless you're prepared to provide those secrets and trust the skill's author. Use least-privilege credentials and rotate them if possible.
    - Workspace edits: the skill expects the agent or you to edit USER.md (to store the reply mode) and AGENTS.md (to add the voice flow). Confirm you want those persistent changes in your workspace.
    - Dependencies: you must install ffmpeg and the npm 'ws' package; ensure the ffmpeg on your system comes from a trusted source.
    - Shell use: the code uses child_process.execSync with interpolated file paths when calling ffmpeg. Although the paths are internal (/tmp/openclaw) and not user-supplied, unquoted interpolation into a shell string increases risk: any metacharacter in a path becomes shell syntax. Review the code and, if you run untrusted inputs, quote or sanitize the paths, or pass them as an argument array (child_process.execFileSync) so no shell parses them.
  - If you decide to install: (1) inspect the code yourself or run it in an isolated test environment first, (2) supply Xunfei credentials via a secure mechanism, and (3) limit exposure of those credentials to the minimum required.
Review Dimensions
- Purpose & Capability
- note: The code and docs implement a Xunfei TTS-to-Feishu voice reply flow which matches the skill name/description. However, the registry metadata lists no required environment variables while SKILL.md and the code clearly expect XUNFEI_APP_ID, XUNFEI_API_KEY, and XUNFEI_API_SECRET, an inconsistency between declared metadata and actual requirements.
- Instruction Scope
- note: Runtime instructions direct the agent to generate text, run scripts/voice-reply.js, send media via the platform 'message' tool, and update workspace files (USER.md and AGENTS.md). Reading/writing USER.md and requiring AGENTS.md edits is reasonable for a mode toggle, but it does expand the skill's scope to editing workspace policy/config files outside its own folder; you should be comfortable with that behavior.
- Install Mechanism
- ok: No remote install/downloads are performed by the skill bundle. It relies on system ffmpeg and the npm 'ws' package (not bundled), which the README instructs you to install. This is a low-risk install model, but you must install a third-party binary (ffmpeg) and an npm dependency yourself.
- Credentials
- concern: The skill legitimately requires Xunfei API credentials (APP_ID / API_KEY / API_SECRET) to function; those are sensitive secrets, and the need for them is proportionate to TTS functionality. The concern is that the skill's registry metadata omitted these required env vars (declared as 'none'), causing a coherence problem and a potential surprise for users. The skill does not request unrelated credentials or broad system secrets.
- Persistence & Privilege
- note: always:false and no special platform privileges, which is good. The skill knowingly instructs modifications to USER.md and advises adding flow text to AGENTS.md; this is persistent workspace modification (not a hidden persistent agent privilege) and should be OK if you accept those file changes. The skill does not set itself as always-enabled or modify other skills' configs.
