Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wevoicereply

v1.0.3

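[Automated speech synthesis and push pipeline] When the user asks for a voice reply, asks to have something read out, or asks for spoken output, the following three steps must be carried out strictly, and skipping steps is strictly forbidden: ### Step 1: Text generation (Prompt A) Generate natural, warm, conversational text based on the context. Add Chinese commas `,` to long sentences to ensure natural pauses in the synthesized audio. ### Step 2: Audio synthesis (run voice_reply_s...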

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
The skill's stated purpose (generate TTS and return a URL) is plausible, but the implementation hard-codes system-specific paths (TARGET_PYTHON=/root/pythonenv, PIPER_MODEL=/root/models/..., OUTPUT_DIR=/opt/1panel/...), and a BASE_URL (https://voice.robotmusk.com). These expectations tie the skill to a particular server layout and elevated directories rather than working generically. Also the metadata/README require 'ffmpeg' but the code invokes 'ffmpeg-amr' and expects 'piper' as a Python module; these mismatches are not justified by the description.
Instruction Scope
SKILL.md limits the agent to a three-step flow and instructs calling the included Python script then sending the returned URL via default_api.message. That scope is reasonable, but SKILL.md does not document the script's hard-coded filesystem and interpreter requirements (root pythonenv, model path, webroot). The SKILL.md claims the script will 'upload' and return a URL, but in reality the script writes files into a local webroot path and synthesizes a URL using a hard-coded BASE_URL — this implicit hosting assumption is not surfaced in the instructions.
Install Mechanism
This is an instruction-only skill with no install spec; nothing is written to disk during install. That is lower risk. However the runtime expects external components (piper module, a specific ffmpeg binary) to already exist.
!
Credentials
The skill declares no required env vars or credentials but the code requires filesystem write access to /opt/1panel/..., reads a model at /root/models/..., and will exec into /root/pythonenv if present. Requesting filesystem permissions (see _meta.json) is consistent, but the specific hard-coded privileged paths are disproportionate to a generic TTS helper and could cause unexpected privilege/use-of-root behavior. BASE_URL points to an external domain; the script will return a URL tied to that domain even if the host isn't actually serving it.
!
Persistence & Privilege
The skill is not 'always:true' and won't auto-install, but at runtime it writes audio files into a system webroot and requires filesystem permission. Writing into /opt/... and switching interpreters is an elevated filesystem footprint beyond a minimal temp-file approach. It does not modify other skills, but the filesystem access requested and hard-coded locations increase the blast radius if misconfigured.
What to consider before installing
This skill will run an included Python script that:
(1) may re-exec into /root/pythonenv if present,
(2) expects a Piper model at /root/models/...,
(3) writes generated audio into /opt/1panel/www/sites/voice.robotmusk.com/index and returns URLs under https://voice.robotmusk.com, and
(4) calls ffmpeg-amr (code) though metadata says ffmpeg.

Before installing or using:
- Confirm you control the target BASE_URL and that the OUTPUT_DIR is appropriate and writable by the agent; otherwise the returned URLs may be invalid or expose files publicly.
- Be cautious about the hard-coded /root paths; if those paths exist the script will switch interpreters which may run with elevated privileges.
- Verify that the required Piper Python module and the specific ffmpeg binary are installed (and whether ffmpeg-amr vs ffmpeg is available).
- Prefer changes before use: make TARGET_PYTHON, PIPER_MODEL, OUTPUT_DIR, FFMPEG_BIN and BASE_URL configurable via environment variables; use a secure temporary output directory by default; avoid execv into root-owned interpreters.
- If you do not control the domain voice.robotmusk.com or the system webroot path, do not install/run this skill as-is.

These inconsistencies could be sloppy engineering or deployment-specific assumptions; treat it as suspicious until addressed.

Like a lobster shell, security has layers — review code before you run it.

latest vk97ddjqyvm6z9yzw2sb4a98c4x819j6h

Runtime requirements

🎤 Clawdis
OS: Linux
Bins: ffmpeg, python3
