v1.0.0

hello-honey

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:18 AM.

Analysis

This skill mostly does what it advertises, but it should be reviewed carefully because it runs voice-cloning commands on a schedule, uses messaging account credentials, and its script invokes TTS before the random send check.

Guidance

Review the shell script before installing. In particular, remove the duplicate early TTS generation block, confirm the Feishu/QQ targets and credentials, verify the Noiz TTS skill source, and only use a reference voice sample with clear consent. If installed, remember that the cron job will continue sending automatically until removed.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Concern
scripts/flirt_cron.sh
python3 $VOICE_SCRIPT -t "$MESSAGE_FEISHU" --ref-audio "$REF_VOICE" -o "$VOICE_FILE_FEISHU" ...
RANDOM_NUM=$((RANDOM % 100 + 1))
if [ $RANDOM_NUM -gt $PROBABILITY ]; then ... exit 0

The script invokes the TTS helper and processes the reference voice before the random trigger check and before MESSAGE_FEISHU/MESSAGE_QQ are assigned later in the script.

User impact: The voice-cloning helper may run on every cron invocation, even when the skill should skip sending, which can consume resources, touch sensitive voice data, and create temporary audio files outside the expected send flow.
Recommendation: Move all TTS generation to after the probability check and after the message text is built; remove the duplicate early TTS block and clean up any temporary audio files reliably.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
pip install requests
npx skills add https://github.com/noizai/skills --skill tts
skillhub install tts

The documented setup installs dependencies and a separate TTS skill from external sources without pinned versions in the supplied artifacts.

User impact: The behavior and security of the voice-cloning path depend partly on external packages or skills not included in this review.
Recommendation: Review the Noiz TTS skill and package versions before installing, prefer pinned versions when available, and install from sources you trust.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
crontab -e
0 8-22 * * * /path/to/scripts/flirt_cron.sh

The skill is intended to persist as a cron job that runs every hour during the configured time window.

User impact: The skill will keep attempting scheduled sends until the cron entry is removed or disabled.
Recommendation: Install the cron entry only if you want ongoing automatic messages, and document how to remove or pause it.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/flirt_cron.sh
FEISHU_APP_SECRET="你的APP_SECRET" ... curl ... tenant_access_token/internal ... openclaw message send --channel qqbot --target "qqbot:c2c:$QQ_OPENID"

The skill requires Feishu app credentials and QQ/OpenClaw messaging authority to send automated messages and upload voice files.

User impact: If configured, the skill can send text and voice messages through the user's selected Feishu and QQ channels on an ongoing schedule.
Recommendation: Use least-privilege bot credentials, verify the target IDs, avoid storing long-lived secrets in editable scripts when possible, and disable the cron job when you no longer want automatic sending.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Note
scripts/flirt_cron.sh
VOICE_SCRIPT="$WORKSPACE/.agents/skills/tts/scripts/tts.py"
REF_VOICE="$WORKSPACE/ref_voice_latest.mp3"
python3 $VOICE_SCRIPT ... --ref-audio "$REF_VOICE"

The skill passes a persistent reference voice file to a separate TTS skill for voice cloning, but this artifact does not define the TTS provider's data boundary, retention, or consent controls.

User impact: A voice sample is sensitive and reusable; it may be processed by another installed skill or provider as part of generating messages.
Recommendation: Only use voice samples you have permission to clone, confirm how the TTS skill handles reference audio, and delete the reference file when it is no longer needed.