Back to skill
Skillv1.1.0
VirusTotal security
FlowVoice — Clone Any Voice From a Short Audio Sample · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:45 AM
- Hash
- ee07e64775580eb5fdfc9c8bb26ff6c125bb19c08daf4d897b5aaad0f0e68dfe
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: flow-voice Version: 1.1.0 The skill provides legitimate voice cloning functionality using LuxTTS but contains critical security vulnerabilities in `scripts/flow_voice.py`. Specifically, it uses `pickle.load()` to deserialize voice profiles and lacks input sanitization on the `--voice` argument, which allows for path traversal and potential arbitrary code execution (RCE) if a malicious pickle file is loaded. While these appear to be unintentional implementation flaws rather than intentional malware, they present a significant risk to the host environment.
- External report
- View on VirusTotal