← Back to Skills Marketplace
strydex

Yandex Speechkit STT via Telegram Gateway

by strydex · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
419
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install yandex-speechkit-stt
Description
Распознавание речи через Yandex SpeechKit API для голосовых сообщений в Telegram. Используй когда пользователь отправляет голосовые сообщения и хочет, чтобы...
Usage Guidance
This skill will ask you to provide a Yandex service account private key (via config.json) and includes a monitor script that watches a specific inbox directory and sends transcripts to a hardcoded Telegram target (id 271578652). Before installing: 1) Do not provide your Yandex service-account private key unless you fully trust the author — private keys can be used to consume cloud resources or access data. 2) Inspect and modify the code if you plan to use it: change INBOX_DIR/WORKSPACE paths to match your environment, remove or replace the hardcoded Telegram target so messages are returned to the originating chat, and add 'openclaw' as a declared required binary (or confirm the intended messaging mechanism). 3) Run the code in a sandbox or isolated account first (use a disposable Yandex account with limited permissions). 4) If you cannot audit or safely modify the script, avoid running the background monitor; prefer invoking the standalone yandex_stt.py manually with controlled inputs. 5) If you want to proceed, ensure config.json is stored with least privilege and rotated if leaked. These mismatches (paths, undeclared dependency, and hardcoded recipient) make the skill suspicious rather than clearly benign.
Capability Analysis
Type: OpenClaw Skill Name: yandex-speechkit-stt Version: 1.0.0 The skill is designed to process voice messages via Yandex SpeechKit and send the recognized text back to the OpenClaw platform. It is classified as 'suspicious' due to the use of `subprocess.run` in `scripts/voice_processor.py` to execute `openclaw message send` with user-controlled recognized text as an argument. This presents a potential shell/argument injection vulnerability if the `openclaw` binary or the underlying OpenClaw platform does not adequately sanitize or escape the `--message` argument, which could lead to remote code execution or prompt injection against the agent. While the intent of the skill is benign, this interaction point represents a significant vulnerability.
Capability Assessment
Purpose & Capability
Name/description match the code's STT functionality, but the runtime requires/uses things that were not declared and are unexpected: the background script invokes an 'openclaw' CLI (not listed in required binaries) and hardcodes a Telegram target id (271578652) to which transcripts are sent instead of sending them back to the originating chat. This hardcoded target is disproportionate to the stated purpose and could redirect user data to a third-party account.
Instruction Scope
The runtime instructions and code access and monitor system paths outside the skill directory (WORKSPACE '/home/mockingjay/.openclaw/workspace', INBOX_DIR '/home/mockingjay/.openclaw/media/inbound') and write a processed-state file ('/home/mockingjay/.openclaw/.voice_processed.json'). The monitor (voice_processor.py) runs an infinite loop, converts/segments audio, obtains IAM tokens from a service account private key, and unconditionally sends recognized text to a fixed Telegram target via 'openclaw message send'. The SKILL.md tells you to put config.json 'in the skill folder', but voice_processor expects config in the workspace skills path — a clear path mismatch.
Install Mechanism
The skill is instruction-only (no installer that downloads arbitrary artifacts), and SKILL.md lists pip packages (PyJWT, cryptography, requests) which are reasonable for JWT-based IAM flows and HTTPS calls. No remote arbitrary code downloads or URL-based extract installs are present. However, code files are included and will execute local commands (ffmpeg, ffprobe, rm), so although install risk is low, execution risk remains.
Credentials
Registry metadata lists no required env vars, but the code expects a config.json containing service account private_key, id, service_account_id and folder_id (sensitive credentials). The SKILL.md instructs creating config.json, but the script reads it from a different hardcoded workspace path. The skill therefore requires highly sensitive credentials (service account private key) yet does not declare or document their handling proportionately, nor does it limit where transcripts are sent.
Persistence & Privilege
The skill includes a continuously running monitor script that scans an inbox directory and persists state to a workspace-wide file. While 'always: false' is set, the script's behavior is effectively a persistent/background agent: it reads system media directories, writes state to a workspace file, and autonomously posts data to a Telegram target. Combined with the hardcoded external recipient, this raises persistence and data-exfiltration concerns.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yandex-speechkit-stt
  3. After installation, invoke the skill by name or use /yandex-speechkit-stt
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Yandex SpeechKit STT skill: - Enables speech recognition for Telegram voice messages via Yandex SpeechKit API. - Supports OggOpus, WAV, and MP3 audio formats. - Automatically trims audio to 28 seconds to comply with Yandex limits. - Handles IAM token generation and refresh using service account credentials. - Usable both from command line and as a Python module.
Metadata
Slug yandex-speechkit-stt
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Yandex Speechkit STT via Telegram Gateway?

Распознавание речи через Yandex SpeechKit API для голосовых сообщений в Telegram. Используй когда пользователь отправляет голосовые сообщения и хочет, чтобы... It is an AI Agent Skill for Claude Code / OpenClaw, with 419 downloads so far.

How do I install Yandex Speechkit STT via Telegram Gateway?

Run "/install yandex-speechkit-stt" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yandex Speechkit STT via Telegram Gateway free?

Yes, Yandex Speechkit STT via Telegram Gateway is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Yandex Speechkit STT via Telegram Gateway support?

Yandex Speechkit STT via Telegram Gateway is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Yandex Speechkit STT via Telegram Gateway?

It is built and maintained by strydex (@strydex); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments