Voice Mode

The skill's stated purpose (convert text replies to Telegram voice messages) is plausible, but the documentation, runtime instructions, and included code disagree in several important ways (paths, credential handling, and whether a daemon should run), and the SKILL.md embeds a Bot Token/Chat ID despite the registry declaring no required credentials.

What to consider before installing or enabling this skill: - Inconsistencies: The README (SKILL.md) and the included Python script disagree on paths, how credentials are supplied, and whether the daemon should be run. Expect to need a Telegram Bot Token and Chat ID even though the registry lists none. - Hard-coded credentials: The SKILL.md contains a Bot Token and Chat ID. Treat these as suspicious — do not use them. If you accidentally used that token, rotate/revoke it in BotFather immediately. - File paths and platform mismatch: The docs assume Windows and a user 'yangl'; the daemon uses a Unix-style ~/.openclaw path and TEMP env var. Verify and adjust paths to match your environment before running anything. - Daemon presence: A long-running daemon (voice_daemon.py) is included but the doc tells you not to run it. If you do run it, it will poll Telegram continuously and could interfere with other bots (409 conflicts) and maintain persistent network access. Only run it if you understand and trust its behavior. - Least privilege: Provide your own bot token and chat id as needed (do not reuse any token embedded in docs). Run the skill in a controlled/test chat first to confirm behavior. - Safety steps: Inspect voice_daemon.py yourself (you already have it) and, if you only need synchronous TTS-on-reply behavior, prefer the documented exec + message approach rather than launching the daemon. If unsure, do not install/run the daemon; try a local sandbox or ephemeral bot token. Given these mismatches and the embedded token, I rate this skill 'suspicious'. If you want a clearer benign/malicious determination, provide information about whether the embedded token is a placeholder, and whether you (or the publisher) intend the daemon to be used or removed.