Voice Message
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: voice-message
Version: 1.0.4

The skill bundle is classified as suspicious due to potential command/code injection vulnerabilities in its shell scripts. Specifically, `scripts/send_feishu_voice.sh` embeds shell variables (`$DURATION_SEC`, `$FILE_KEY`, `$RECEIVE_ID`) directly into Python code and JSON strings without robust sanitization, which could lead to injection if an attacker controls these inputs. Similarly, `scripts/gen_voice.sh` passes user-provided text (`$TEXT`) directly to `edge-tts`, posing a potential argument injection risk if `edge-tts` can be manipulated. While these are vulnerabilities that could lead to RCE, there is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or backdoor installation; network calls are made to the legitimate Feishu API.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong recipient, text, or file path, it could send an unintended voice message or attachment.
The skill enables direct sending of generated audio through chat tools. This matches the stated purpose, but sending chat messages is a user-visible action that should use the intended recipient and content.
Use the message tool directly: `action=send, asVoice=true, filePath=/tmp/voice.ogg`
Confirm the destination channel/user, voice text, and generated audio file before sending.
Anyone, or any agent, running with a valid token can send Feishu/Lark audio messages within that token's permissions.
The Feishu/Lark path uses a bearer tenant access token to upload and send an audio message. This is expected for the integration, but it grants account/workspace authority.
`TOKEN="$3" ... -H "Authorization: Bearer $TOKEN"`
Use a minimally scoped Feishu/Lark app token, keep it out of logs and shell history where possible, and rotate it if exposed.
Sensitive text provided for voice generation may be processed by an external TTS service and then sent to a chat platform.
The text to be spoken is passed to edge-tts, which SKILL.md identifies as Microsoft Edge TTS. This external provider use is central to the skill, but it means message text may leave the local environment.
`edge-tts --voice "$VOICE" --text "$TEXT" --write-media "$TMP_MP3"`
Do not generate or send voice messages containing secrets or private data unless sharing that data with the TTS and chat providers is acceptable.
Installing the wrong or compromised dependency could affect the local environment.
The skill relies on manually installed external tools and an unpinned pip package. This is normal for this purpose, but users should install them from trusted sources.
- `edge-tts` — Microsoft Edge TTS (`pip install edge-tts`)
- `ffmpeg` / `ffprobe` — audio conversion and duration detection
Install edge-tts and ffmpeg/ffprobe from trusted package repositories and consider pinning versions in controlled environments.
