Skill v1.1.0

ClawScan security

FlowVoice — Clone Any Voice From a Short Audio Sample · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 23, 2026, 7:00 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely matches its stated purpose (local voice cloning) but has mismatches between its README and included scripts and contains a risky use of Python pickle for saved profiles — review before installing or loading profiles from untrusted sources.
Guidance
What to check before installing or running:
- Verify the packaging: SKILL.md calls clone.py and speak.py, but only flow_voice.py is included — confirm you have the intended scripts or that flow_voice.py covers all documented commands.
- Do not load .pkl profile files from untrusted sources. The script uses Python pickle for saved voice profiles; untrusted pickles can execute code when loaded.
- Expect network downloads: the model weights will be fetched from Hugging Face (~200MB) on first run and examples use yt-dlp. If you require offline-only operation, do not run until you have pre-downloaded artifacts.
- Run in a controlled environment (virtualenv or isolated container) to install pip deps (zipvoice, soundfile, librosa, numpy) and to limit impact if something goes wrong.
- Legal/privacy note: cloning voices may raise consent and copyright issues — ensure you have the right to clone a voice before using the skill.
- If you want higher assurance, request the missing scripts or an explanation from the maintainer and inspect any saved profile files before loading them.

Review Dimensions

Purpose & Capability
ok: Name/description, required binaries (uv, ffmpeg), and Python dependencies (zipvoice, soundfile, librosa, numpy) align with a local LuxTTS-based voice-cloning skill. ffmpeg is appropriate for baking audio into video; uv is used by the SKILL.md commands.
Instruction Scope
concern: SKILL.md references scripts clone.py and speak.py and a 'clone from URL' flow that are not present in the package — the only included script is flow_voice.py. That mismatch is an incoherence (documentation vs. code) and could cause surprising behavior. The script saves/loads encoded voice profiles using pickle without validation; loading .pkl files from untrusted sources can lead to arbitrary code execution. The runtime will also download model weights from Hugging Face and examples call out tools like yt-dlp (network activity).
Install Mechanism
note: There is no automated install spec; this is instruction-only with a Python script. Required pip packages are listed in metadata but not installed automatically. Runtime will download model artifacts (~200MB) from Hugging Face into its local cache, which is expected but means the skill performs network I/O at first run.
Credentials
ok: No environment variables, credentials, or unusual config paths are requested. The skill writes outputs and profiles under the user's home (~/.cache/huggingface and ~/clawd/output/voice), which is proportional to its purpose.
Persistence & Privilege
ok: Skill is not always-enabled and can be invoked by the user. It stores profile files under ~/clawd/output/voice/profiles and does not modify other skills or system-wide agent settings.