← Back to Skills Marketplace
sundiver1

voice-email

by Sundiver1 · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
555
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install voice-email
Description
Send emails via natural voice commands - designed for accessibility
Usage Guidance
This skill appears to do what it says (transcribe voice and send email), but there are transparency and secret-handling issues you should address before installing: 1) The registry metadata does not declare the required env vars/credentials (DEEPGRAM_API_KEY, Telegram token, Gmail OAuth) — assume they are required. 2) The guide recommends storing DEEPGRAM_API_KEY in openclaw.json (persistent plaintext) — avoid storing secrets in config files; prefer environment variables or a system keyring. 3) Verify the gogcli binary/source (the doc points to https://gogcli.ai) and prefer the npm install method if you trust it. 4) Use dedicated/test Gmail and Deepgram accounts with limited scopes/quotas when evaluating. 5) After install, review exactly what changes were made to ~/.openclaw/openclaw.json and inspect /tmp/openclaw-*.log for unexpected data. 6) If you require stricter assurance, ask the author to: a) update the registry metadata to declare required env vars and credentials, b) avoid instructions that persist secrets into openclaw.json or explicitly state secure storage behavior, and c) provide checksum-signed download links for gogcli. If you cannot validate these, treat the skill as untrusted and run only in an isolated/test environment.
Capability Analysis
Type: OpenClaw Skill Name: voice-email Version: 1.0.2 The 'voice-email' skill bundle is designed to send emails via voice commands, leveraging Deepgram for transcription and gogcli for Gmail. It explicitly declares necessary permissions like 'network', 'file_access', and 'modify_config', along with required credentials. While these permissions are high-risk, they are clearly aligned with the skill's stated purpose. The documentation (SKILL.md, SETUP.md) transparently outlines its functionality, prerequisites, and security considerations, including explicit statements about what the skill 'CANNOT Do' (e.g., execute arbitrary code, access unrelated files). There is no evidence of prompt injection attempts, data exfiltration to unauthorized endpoints, or other malicious intent. The instructions for installing `gogcli` are directed at the user, not the agent, and the testing commands use legitimate API endpoints.
Capability Assessment
Purpose & Capability
The skill name/description (voice-to-email via Deepgram + Gmail) aligns with the stated runtime behavior. However the registry metadata (required env vars, primary credential, required binaries) lists nothing, while the SKILL.md and SETUP.md clearly require DEEPGRAM_API_KEY, a Telegram bot token, and Gmail OAuth via gogcli. The missing declarations in metadata are an incoherence that reduces transparency.
Instruction Scope
The instructions stay within the stated purpose (transcribe voice, parse fields, send via gogcli) and explicitly require modifying OpenClaw config to enable audio. However the docs instruct persisting API keys into openclaw.json (or env) and reference log paths (/tmp/openclaw-*.log). The skill also claims it 'CANNOT access files outside of logging/debugging' while requesting file_access and modify_config permission — that should be treated as a claim, not an enforced constraint.
Install Mechanism
This is instruction-only (no install spec), so the skill itself doesn't download or execute code. The guide asks the user to install gogcli separately and suggests downloading a binary from https://gogcli.ai — users should verify that source and checksum before running. Instruction-only status is lower risk but relies on external tooling the user must trust.
Credentials
The runtime requires sensitive credentials (Deepgram API key, Telegram bot token, Gmail OAuth) and suggests storing keys in openclaw.json. None of these were declared in the registry metadata. Storing secrets in a persistent config file (openclaw.json) is a notable credential-handling risk; the skill also suggests optional ElevenLabs keys. The number and persistence of credentials are proportionate to the feature but the metadata omission and recommended storage location are problematic.
Persistence & Privilege
The skill does not request always:true and is user-invocable (normal). It does require permission to modify OpenClaw config (openclaw.json) to enable audio — this is expected for the feature but raises a scoped persistence change (config mutation). No claims of modifying other skills or system-wide settings are present.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install voice-email
  3. After installation, invoke the skill by name or use /voice-email
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
**Expanded configuration options, improved security clarity, and optional ElevenLabs support** - Added support for optional ElevenLabs API key for voice responses. - Updated documentation to clarify required vs. optional credentials and environment variables. - Improved security section: clearly states capabilities and limitations. - Expanded configuration instructions for Deepgram and new ElevenLabs option. - Added best practices and validation/testing steps for easier setup and safer usage.
v1.0.1
- Added security section specifying required permissions and credentials. - Updated setup instructions: improved safety for gogcli installation, clarified Deepgram configuration, and noted prerequisites explicitly. - Added a new section on security notes detailing network and credential handling. - Provided clear uninstall instructions. - Improved overall documentation clarity and structure.
v1.0.0
Initial release of voice-email skill. - Send emails using natural voice commands for improved accessibility. - Supports voice-to-text transcription with Deepgram. - Parse recipient, subject, and body from simple spoken instructions. - Integrates with Gmail via gogcli and receives commands via Telegram. - Provides setup instructions for required tools and example command phrases.
Metadata
Slug voice-email
Version 1.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is voice-email?

Send emails via natural voice commands - designed for accessibility. It is an AI Agent Skill for Claude Code / OpenClaw, with 555 downloads so far.

How do I install voice-email?

Run "/install voice-email" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is voice-email free?

Yes, voice-email is completely free (open-source). You can download, install and use it at no cost.

Which platforms does voice-email support?

voice-email is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created voice-email?

It is built and maintained by Sundiver1 (@sundiver1); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments