Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Voice Chat Bridge
v2.3.5自动处理语音消息:将语音转写为文字,结合上下文生成智能回复,并合成语音回复。当收到语音或音频消息时自动激活。
⭐ 1· 152·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code and documentation implement a coherent voice processing pipeline (STT via Sherpa-ONNX/Vosk, LLM-driven replies, Edge TTS / pyttsx3 fallback) which matches the skill description. However the repository also references additional STT engines, LLM configuration, and model directories not declared in the skill metadata. Some helper modules (telegram/feishu handlers) import network libraries and contain legacy API helpers even though the runtime intends OpenClaw to handle transport — this is plausible but not strictly minimal for the stated purpose.
Instruction Scope
SKILL.md and scripts instruct the agent to run local scripts at specific absolute paths (e.g. /root/.agents/skills/voice-chat/... and elsewhere /root/.openclaw/... depending on doc), call local binaries (ffmpeg, edge-tts) and invoke the OpenClaw CLI to reuse a session (openclaw agent --session-id ...). The skill requires reading message media paths and writing temporary files under /tmp/voice-chat; it also expects OPENCLAW_SESSION_ID/OPENCLAW_GATEWAY_URL/OPENCLAW_API_KEY environment variables at runtime (used by run_voice_chat.py), but the skill metadata lists no required envs — this mismatch is a scope and transparency concern. The instructions also instruct automatic activation when voice messages are received, so a misconfigured trigger could cause frequent autonomous runs.
Install Mechanism
There is no automated install spec (instruction-only), which lowers installer risk; however the skill requires heavy third-party packages and large model downloads (sherpa-onnx, Vosk models) and README instructs users to wget GitHub release archives (GitHub is a legitimate host). No arbitrary personal server or URL shorteners are used in the provided docs. Because large models and native dependencies are required, installation is non-trivial and should be done in an isolated environment.
Credentials
The skill metadata declares no required environment variables or primary credential, but the code expects and reads multiple environment variables (OPENCLAW_SESSION_ID, OPENCLAW_GATEWAY_URL, OPENCLAW_API_KEY, EDGE_TTS_BIN, VOSK_MODEL_DIR, SHERPA_MODEL_DIR, STT_ENGINE, etc.) and optionally LLM API info. This omission is an incoherence: the skill will depend on secrets or session identifiers if used in its 'full' mode but doesn't advertise that to the installer. Any skill that reuses an OpenClaw session ID can act with the session's context — that capability should be explicit to administrators.
Persistence & Privilege
The skill is not forced always-on and does not declare elevated platform privileges. It runs subprocesses (openclaw CLI, ffmpeg, edge-tts) to reuse the current session's LLM context if OPENCLAW_SESSION_ID is set. Autonomous invocation is allowed by default (normal for skills) — combined with the undeclared session usage this increases blast radius, but the skill does not request persistent modifications to other skills or system-wide config.
What to consider before installing
Summary of what to check before installing:
- Transparency: The skill metadata declares no required environment variables, but the code expects several (OPENCLAW_SESSION_ID, OPENCLAW_GATEWAY_URL, OPENCLAW_API_KEY, EDGE_TTS_BIN, VOSK_MODEL_DIR, SHERPA_MODEL_DIR, etc.). Treat that as a red flag — confirm with the author which env vars are required and why.
- Paths and triggers: SKILL.md / README reference different install paths (/root/.agents/... vs /root/.openclaw/...). The runtime scripts call hard-coded absolute paths in docs; verify the actual installation location and update triggers (SOUL.md) to avoid accidental execution in the wrong context.
- Session reuse: run_voice_chat.py can invoke the OpenClaw CLI using an OPENCLAW_SESSION_ID to reuse the current session's LLM context. If you provide a session id, the skill will operate with that session's context — only grant this to skills you fully trust. If unsure, do not set OPENCLAW_SESSION_ID and accept degraded behavior.
- Model and dependency risks: The skill requires heavy native packages and large models (sherpa-onnx, downloaded model archives, Vosk). Install and run in an isolated environment (container/VM) and be prepared for large disk/CPU usage. The README instructs downloading models from GitHub releases (legitimate), but verify checksums if possible.
- Network/data exfiltration: The code does not contain obvious exfiltration endpoints, but it can call external TTS services (Edge TTS) and will invoke system commands. Review and restrict EDGE_TTS_BIN if you want to force local-only TTS (pyttsx3) and avoid cloud TTS.
- Least privilege: If you want to test, run the skill offline with Vosk and pyttsx3 only (set STT_ENGINE=vosk and EDGE_TTS_BIN unset), and do not provide OPENCLAW_SESSION_ID or any API keys. Run in a safe environment and confirm behavior before enabling automatic triggers in your live gateway.
- If you are not comfortable with the undeclared env requirements and hard-coded path assumptions, treat this skill as untrusted and avoid granting it session-level credentials or enabling autonomous triggers until the author fixes the metadata and path inconsistencies.Like a lobster shell, security has layers — review code before you run it.
latestvk97df099rvw6s3hp08vv4dqe79840c0msensevoicevk975c3d5fjsgms31e241b1g1wh841xkysherpa-onnxvk97df099rvw6s3hp08vv4dqe79840c0msttvk97df099rvw6s3hp08vv4dqe79840c0mttsvk97df099rvw6s3hp08vv4dqe79840c0mvoicevk97df099rvw6s3hp08vv4dqe79840c0mvoskvk97df099rvw6s3hp08vv4dqe79840c0m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.