- Downloads: 289
- Stars: 0
- Active Installs: 0
- Versions: 1
Install in OpenClaw
/install ningyao-voice-launcher
Description
Install and configure a local browser-based Chinese voice chat launcher with the Ning Yao persona, including one-click Windows launchers, browser speech I/O,...
Usage Guidance
What to check before installing or running:
- Treat this as code you run locally: inspect server.js before running. Pay attention to the terminal endpoint and file-read logic. The current code disallows '..' and shell metacharacters but does NOT prevent absolute paths; patch matchAllowedCommand to resolve and ensure requested files are inside the workspace directory (use path.resolve and verify startsWith workspaceDir).
- Do NOT supply an organizational or high-privilege OpenAI key. Use a dedicated, limited-scope key or test account because chat and screen images are sent to the model provider.
- If you enable screen capture, assume the images will be transmitted to the configured OpenAI-compatible endpoint. Avoid sharing sensitive screens.
- Fix the metadata: the skill registry entry should declare OPENAI_API_KEY (and any other required env vars). The mismatch between metadata and SKILL.md is confusing and should be corrected.
- Consider running the server in an isolated environment (VM/container) until you are confident. Run npm install in a controlled environment and review dependencies (express, openai are expected).
- Consider removing or editing the publish-clawhub.mjs file: it references absolute local paths and local file system tooling — harmless if not executed but odd in a distributed package.
Capability Analysis
Type: OpenClaw Skill
Name: ningyao-voice-launcher
Version: 0.1.0
The bundle provides a local voice chat application with a 'safe terminal' feature in `server.js` that is vulnerable to command injection. The `/api/terminal` endpoint uses `cmd /c` to execute commands, and while it employs a whitelist/blacklist, the sanitization for the `type` command is insufficient to prevent all forms of shell metacharacter exploitation. Furthermore, `SKILL.md` instructs the AI agent to perform high-risk administrative tasks, such as executing a PowerShell script (`scripts/install-launcher.ps1`) with `ExecutionPolicy Bypass`. While these features appear intended for a developer utility rather than being explicitly malicious, the combination of RCE vulnerabilities and high-privilege execution instructions warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The skill's stated purpose is a local browser-based Ning Yao voice chat front end. The code and assets match that purpose (client UI, server calling OpenAI, screen capture, safe terminal). However the registry metadata lists no required env vars while the runtime instructions and server code require OPENAI_API_KEY (and optionally other OPENAI_* envs). That mismatch is incoherent — installing agents/tools should surface that this skill needs an API key.
Instruction Scope
SKILL.md instructs copying the bundled template, installing npm deps, creating .env with OPENAI_API_KEY, and running. The server exposes /api/chat, /api/screen, and /api/terminal. The SKILL.md and README claim the terminal is 'read-only + development whitelist' ('只读 + 开发白名单') and limited to safe reads in the current directory, but server.js's matchAllowedCommand allows 'type <path>' while checking only for '..' and shell metacharacters; it does not forbid absolute paths (e.g. C:\Windows\...) or otherwise ensure files are under the workspace directory. That contradicts the claim and creates a risk of reading arbitrary local files. The client also captures screen images and posts them to /api/screen, which the server forwards to OpenAI, so potentially sensitive screen content will be sent to the remote model using your OpenAI key.
Install Mechanism
There is no remote installer or network-download install step in the skill metadata; the package is instruction + included local files. That is lower risk than arbitrary remote downloads. The repo does contain a publish script that references local absolute paths on the author's machine, which is odd but not itself a remote-install risk.
Credentials
The server code requires OPENAI_API_KEY (and optionally OPENAI_BASE_URL, OPENAI_MODEL, OPENAI_TIMEOUT_MS, SYSTEM_PROMPT). The registry metadata claimed no required env vars — a discrepancy. The OPENAI_API_KEY will be used to send chat and screen images to the model provider; supplying a high-privilege or organizational key would expose all sent screen captures and chat content to that provider. The SKILL.md exposes SYSTEM_PROMPT (persona) which is expected, but a prompt-injection pattern was detected in SKILL.md (see scan_findings_in_context).
Persistence & Privilege
always is false (not force-included). The skill doesn't request system-wide modifications or other skills' configs. It will run a local server and can be invoked by the agent (default autonomous invocation allowed). That combination is normal for a local launcher; no elevated persistence/config edits are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install ningyao-voice-launcher
- After installation, invoke the skill by name or use /ningyao-voice-launcher
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial public release
Frequently Asked Questions
What is Ningyao Voice Launcher?
Install and configure a local browser-based Chinese voice chat launcher with the Ning Yao persona, including one-click Windows launchers, browser speech I/O,... It is an AI Agent Skill for Claude Code / OpenClaw, with 289 downloads so far.
How do I install Ningyao Voice Launcher?
Run "/install ningyao-voice-launcher" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ningyao Voice Launcher free?
Yes, Ningyao Voice Launcher is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Ningyao Voice Launcher support?
Ningyao Voice Launcher is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Ningyao Voice Launcher?
It is built and maintained by jiwannian (@jiwannian); the current version is v0.1.0.