← Back to Skills Marketplace
easwee

Voice Log

by Anej Gorkič · GitHub ↗ · v0.1.5
cross-platform ✓ Security Clean
695
Downloads
2
Stars
4
Active Installs
4
Versions
Install in OpenClaw
/install voice-log
Description
Background voice journaling with Soniox realtime STT for OpenClaw. Requires SONIOX_API_KEY. Get/create your Soniox API key at https://soniox.com/speech-to-te...
Usage Guidance
This skill appears to do what it says: record your microphone and stream audio to Soniox STT using a SONIOX_API_KEY, keep a rolling 60-minute text log, and let you start/stop and request recent summaries. Before installing: 1) Confirm you want continuous microphone capture and trust Soniox (audio is streamed to their realtime STT service). 2) Provide a Soniox API key only if you accept that audio and derived transcripts go to Soniox. 3) Be aware npm install will fetch @soniox/node from the public registry. 4) Inspect and monitor the created .data directory for stored transcripts and logs; rotate or delete it if you need longer-term privacy. 5) Note the small inconsistencies: registry metadata omitted the SONIOX_API_KEY requirement, and the script forwards a few host env vars (PATH, HOME, audio-related vars) to the daemon despite SKILL.md saying only the Soniox key is forwarded — this is likely benign (needed for audio capture) but worth knowing. If you want higher assurance, review the full (untruncated) daemon script and run the skill in a constrained environment or sandbox first.
Capability Analysis
Type: OpenClaw Skill Name: voice-log Version: 0.1.5 The OpenClaw voice-log skill is designed for background voice journaling using Soniox STT. It demonstrates strong security practices, including explicitly limiting environment variables passed to child processes, deleting the `SONIOX_API_KEY` from the daemon's environment after use, and using `spawn` with hardcoded commands/arguments for audio capture to prevent shell injection. All data is confined to a local, hardened `.data` directory. The `SKILL.md` instructions for the AI agent are benign, focusing on controlling output and accurate reporting, with no evidence of prompt injection attempts to subvert the agent's behavior or exfiltrate data. No malicious intent or high-risk vulnerabilities were identified.
Capability Assessment
Purpose & Capability
Name/description, package.json, SKILL.md, and scripts all show a voice-journaling daemon that captures microphone audio and streams to Soniox realtime STT using a SONIOX_API_KEY. Required binaries (node and a microphone capture tool) and the Soniox API key are appropriate and expected for this functionality.
Instruction Scope
Runtime instructions are scoped to starting/stopping a local daemon, maintaining a 60-minute rolling text log, and summarizing recent minutes. The SKILL.md says the daemon environment forwards only SONIOX_API_KEY (and language hints), but the control script actually copies several host env vars (PATH, HOME, LANG, LC_ALL, XDG_RUNTIME_DIR, PULSE_SERVER, ALSA_CONFIG_PATH, DBUS_SESSION_BUS_ADDRESS) into the daemon environment to support audio capture. Those copied vars are reasonable for audio access but are broader than the SKILL.md claim.
Install Mechanism
This is instruction-only with included JS scripts and a package.json. There is no remote arbitrary download in the skill itself. Running npm install will fetch @soniox/node from the npm registry (expected for Soniox integration). This is standard but does pull a third‑party package at install time.
Credentials
The skill legitimately requires SONIOX_API_KEY (declared in SKILL.md, package.json, and used in code). The code does not request unrelated credentials. However, there's a metadata inconsistency: the registry summary at the top of the submission claims 'Required env vars: none' while the embedded SKILL.md and package.json require SONIOX_API_KEY. Also, the control script forwards a handful of host env vars (see instruction_scope) — typically harmless but worth noting since SKILL.md states only the Soniox key is forwarded.
Persistence & Privilege
The skill runs a background daemon (detached child process) and stores state/journal files under ./ .data in the skill directory. always: false and no cross-skill or system-wide modifications are requested. Behavior (writing local files, PID, logs) is consistent with the described purpose.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install voice-log
  3. After installation, invoke the skill by name or use /voice-log
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.5
Security hardening and audio capture reliability fixes
v0.1.3
Simplify and cleanup skill code
v0.1.2
Security and trust hardening release focused on compliance with automated safety review and VirusTotal screening expectations. This update resolves metadata consistency by explicitly declaring SONIOX_API_KEY as required, removes custom shell-command audio execution and all bash -lc usage, restricts capture to known binaries (arecord/rec/ffmpeg), keeps explicit user- controlled invocation (implicit invocation disabled), and retains transparent privacy behavior (audio streamed to Soniox only while running; rolling text journal local). Language-hint examples updated to ["en","de"].
v0.1.1
Initial public release of Voice Log for OpenClaw. Adds background Soniox realtime STT journaling with minute timestamps and a rolling 60-minute text-only log. Supports natural commands: 'start voice journal' / 'start voice log', 'end voice journal', and 'summarize what we talked about for last N minutes' (via log retrieval). Start command supports optional Soniox language hints as a JSON array, for example: start voice log ["en","de"], and forwards hints directly as provided. Writes to a data text file.
Metadata
Slug voice-log
Version 0.1.5
License
All-time Installs 4
Active Installs 4
Total Versions 4
Frequently Asked Questions

What is Voice Log?

Background voice journaling with Soniox realtime STT for OpenClaw. Requires SONIOX_API_KEY. Get/create your Soniox API key at https://soniox.com/speech-to-te... It is an AI Agent Skill for Claude Code / OpenClaw, with 695 downloads so far.

How do I install Voice Log?

Run "/install voice-log" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Voice Log free?

Yes, Voice Log is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Voice Log support?

Voice Log is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Voice Log?

It is built and maintained by Anej Gorkič (@easwee); the current version is v0.1.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments