Local voice I/O for OpenClaw agents. Transcribe inbound audio/voice messages using local Whisper (whisper.cpp) and generate voice replies using local Piper T...
Security Analysis
high confidence
VoiceClaw's files, scripts, and SKILL.md are internally consistent with its stated purpose: offline local STT/TTS using whisper, piper, and ffmpeg, and it does not request unrelated credentials or network access.
Name/description (local STT/TTS) matches required binaries (whisper, piper, ffmpeg) and included scripts. Declared env vars (WHISPER_BIN, WHISPER_MODEL, PIPER_BIN, VOICECLAW_VOICES_DIR) are appropriate and optional for locating binaries/models.
Runtime instructions and the two scripts operate on local files (input audio, local model files, /tmp) and call only the declared binaries. SKILL.md and README consistently instruct local usage. One minor inconsistency: README/SKILL.md mention the Whisper model may be "auto-downloaded on first use," but the shipped scripts do not perform any automatic download — model download is a manual/optional step documented in README. This is informational rather than a security mismatch.
No install spec in registry (instruction-only), so nothing is automatically downloaded or executed by the skill itself. README documents optional manual install routes (git clone, curl from GitHub releases, ClawHub). Those manual commands point to expected project hosts and are not executed by the skill.
No credentials or sensitive environment variables are required. Optional env vars relate directly to binary/model paths. The skill does not request unrelated secrets or system config paths.
Skill is not set to always:true and is user-invocable only. It does not modify other skills or system-wide configs. Scripts write temporary files under /tmp and return output paths; they do not persist credentials or install background services.
Guidance
This skill appears to be what it says: an offline STT/TTS helper that runs local whisper/piper/ffmpeg. Before installing: ensure you obtain whisper, piper, ffmpeg, and voice/model files from trusted sources; verify the model files exist (scripts will error otherwise); note that any one-time model download (documented in README) will contact the network only if you run the manual curl/git commands yourself; review and test the included scripts in a safe environment (they operate on /tmp and local files). If you need absolute assurance, inspect the whisper and piper binaries you will use (third-party native binaries can have their own risks). Finally, be aware of the minor doc mismatch: the project mentions an "auto-download on first use" but the provided scripts do not perform automatic downloads — model provisioning is manual or handled by the underlying whisper/piper install you choose.
Latest Release
v1.0.6
v1.0.6: Complete SKILL.md rewrite — runtime-only content, zero download/URL/install references in body, clean description with no contradictions. Resolves ClawHub scanner suspicious flag.
Published by @Asif2BD on ClawHub