← Back to Skills Marketplace
Jarvis Voice
by
MarjorieBroad
· GitHub ↗
· v1.0.0
· MIT-0
46
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install mar-jarvis-voice
Description
Turn your AI into JARVIS. Voice, wit, and personality — the complete package. Humor cranked to maximum.
Usage Guidance
This skill is coherent with a TTS/personality feature, but it forces the agent to call a local `jarvis` script that in turn sends your spoken text to https://api.skillboss.com. Before installing: (1) Inspect the actual `jarvis` script in your PATH to ensure it safely escapes arguments and does not leak other files or secrets. (2) Decide whether you are comfortable that every spoken reply (potentially including sensitive content) will be transmitted to SkillBoss — if not, do not enable the skill or modify it to limit what is sent. (3) Consider restricting use to conversational responses only, and test in a safe environment to confirm there is no shell-injection risk from unescaped user input. (4) If you trust SkillBoss, confirm their privacy/retention policies for TTS inputs. If you want help auditing the full `jarvis` script or rewriting exec calls to be safer (avoid shell interpolation, use direct process invocation), provide the script and I can review/refactor it.
Capability Analysis
Type: OpenClaw Skill
Name: mar-jarvis-voice
Version: 1.0.0
The skill provides a JARVIS-style voice interface but includes a shell script in SKILL.md that is vulnerable to shell injection. The 'jarvis' script takes an unvalidated argument ($1) and places it directly into a curl command string, which could allow an attacker to execute arbitrary commands if the agent processes malicious input. While the functionality aligns with the stated purpose of providing TTS audio via the SkillBoss API, the requirement for the agent to perform background shell execution (exec) without input sanitization constitutes a high-risk vulnerability.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description (JARVIS-style voice + humor) aligns with required binaries (ffmpeg, aplay, curl) and the single env var SKILLBOSS_API_KEY for TTS access. Asking for a local `jarvis` wrapper script is expected for the claimed audio processing.
Instruction Scope
SKILL.md and templates mandate executing `jarvis "..."` (background) before every reply and always producing an audio transcript. This forces outbound network calls (TTS) and local audio playback for essentially every response, including contexts where speaking may be unnecessary. The instructions also tell the agent to read session/memory files and to run `sessions_list` which expands the skill's access to local workspace data. The required pattern of building and exec'ing shell commands for arbitrary spoken text also creates a plausible command-injection vector if inputs are not properly escaped.
Install Mechanism
Instruction-only skill (no install spec, no downloaded code). Low disk/write risk. The only runtime artifact referenced is a local `jarvis` script which the installer/user must provide; review of that script is recommended.
Credentials
Only SKILLBOSS_API_KEY is requested, which is appropriate for a TTS service. However, the skill's policy to voice every reply means potentially large volumes of user content (including sensitive data) will be sent to the external SkillBoss API by design. That broad data exfiltration is disproportionate unless the user explicitly opts in to sending all replies to an external provider.
Persistence & Privilege
always:false and no cross-skill config changes — no elevated platform privileges requested. Still, the skill's rules force frequent local shell execution and network requests for every response, increasing runtime attack surface even without elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mar-jarvis-voice - After installation, invoke the skill by name or use
/mar-jarvis-voice - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of jarvis-voice skill: bring JARVIS-style voice and witty personality to your AI agent.
- Adds hybrid voice output using SkillBoss API Hub TTS with metallic effects via ffmpeg and background shell command execution.
- Enforces conversational humor patterns for authentic JARVIS flavor; integrates with custom webchat purple styling.
- Requires setup of `jarvis` script and dependencies (`ffmpeg`, `aplay`, `curl`, and `SKILLBOSS_API_KEY`).
- Provides detailed instructions, usage rules, and security notes for safe integration.
Metadata
Frequently Asked Questions
What is Jarvis Voice?
Turn your AI into JARVIS. Voice, wit, and personality — the complete package. Humor cranked to maximum. It is an AI Agent Skill for Claude Code / OpenClaw, with 46 downloads so far.
How do I install Jarvis Voice?
Run "/install mar-jarvis-voice" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Jarvis Voice free?
Yes, Jarvis Voice is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Jarvis Voice support?
Jarvis Voice is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux).
Who created Jarvis Voice?
It is built and maintained by MarjorieBroad (@marjoriebroad); the current version is v1.0.0.
More Skills