← Back to Skills Marketplace
279
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install voiceclaw-jp
Description
Voice conversation interface for OpenClaw using wake word detection, streaming LLM responses, and text-to-speech. Use when a user wants to talk to their Open...
Usage Guidance
This skill appears to implement the described voice → OpenClaw → VOICEVOX pipeline, but inspect and be aware of the following before installing:
- The server auto-reads ~/.openclaw/openclaw.json to obtain an OpenClaw gateway token. Confirm you are comfortable with that file being read and that it does not contain secrets you don't want the skill to access. If you prefer, set OPENCLAW_GATEWAY_TOKEN explicitly in a controlled environment instead.
- The registry metadata did not declare the config path or required env vars — treat that as an omission, not a guarantee of safety. Review src/server.js yourself (or run in an isolated VM/container) to confirm behavior.
- SKILL.md and README advise cloning a GitHub repo and running npm install; ensure you clone the intended upstream repository and verify its integrity. Running code from GitHub and npm packages should be done from trusted sources.
- The skill will make network calls to the configured OpenClaw gateway and VOICEVOX endpoints. Ensure those endpoints are local or trusted and that tokens used have limited privileges.
- Recommended mitigations: run the skill in an isolated environment (container/VM), audit the bundled server.js for any unexpected data exfiltration, and explicitly set environment variables rather than relying on auto-discovery if you want stricter control.
If you want, I can extract the exact lines where the code reads the home config and the env var usage so you can review them quickly.
Capability Analysis
Type: OpenClaw Skill
Name: voiceclaw-jp
Version: 0.1.0
The OpenClaw AgentSkills skill bundle 'voiceclaw-jp' is a voice conversation interface for OpenClaw. It reads the OpenClaw gateway token from `~/.openclaw/openclaw.json` and uses it to authenticate with the local OpenClaw Gateway. It also interacts with a local VOICEVOX TTS service. All file system and network access (to `127.0.0.1` by default) are directly related to its stated purpose. While user input passed to an LLM (via `/api/chat-stream` and `/api/chat` in `src/server.js`) inherently carries a prompt injection risk against the LLM, the skill itself does not craft malicious prompts or exhibit any intentional harmful behavior, data exfiltration, persistence mechanisms, or obfuscation. The `SKILL.md` and `README.md` provide setup instructions for the user, not malicious commands for an AI agent.
Capability Assessment
Purpose & Capability
The code and SKILL.md implement a voice → STT → OpenClaw (streaming) → VOICEVOX TTS pipeline which is coherent with the skill description. However registry metadata claims no required config paths or env vars, while the implementation explicitly reads ~/.openclaw/openclaw.json and honors environment variables like OPENCLAW_GATEWAY_TOKEN, VOICEVOX_URL, etc. The functionality is expected, but the metadata omission is inconsistent.
Instruction Scope
Runtime instructions and server code auto-detect and read a user's home config (~/.openclaw/openclaw.json) to obtain an OpenClaw gateway token. The SKILL.md/README mention this auto-detection, but the registry entry did not declare a config path. Reading a file in the user's home directory is sensitive and should be explicitly declared and reviewed.
Install Mechanism
No formal install spec is present in the registry, but SKILL.md/README instruct users to git clone a GitHub repository and run npm install. The code included in the package is standard Node.js (express, dotenv). Cloning from a GitHub repo is common and traceable, but the registry omission (no official install spec) and reliance on external git clone should be noted by the user.
Credentials
The skill does not declare required environment variables in the registry metadata, yet the server reads multiple env vars (OPENCLAW_GATEWAY_TOKEN, VOICEVOX_URL, etc.) and will auto-read a gateway token from a file in the user's home. Asking for/using a gateway token is appropriate for contacting OpenClaw, but the lack of declared config/credential requirements in the metadata is disproportionate and could surprise users; reading a home config file increases privacy risk.
Persistence & Privilege
The skill is not set to always:true, has no special OS restrictions, and does not modify other skills or global agent configuration. It runs as a normal local server process and requires explicit user invocation to start.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install voiceclaw-jp - After installation, invoke the skill by name or use
/voiceclaw-jp - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Release 0.1.0
Metadata
Frequently Asked Questions
What is voiceclaw?
Voice conversation interface for OpenClaw using wake word detection, streaming LLM responses, and text-to-speech. Use when a user wants to talk to their Open... It is an AI Agent Skill for Claude Code / OpenClaw, with 279 downloads so far.
How do I install voiceclaw?
Run "/install voiceclaw-jp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is voiceclaw free?
Yes, voiceclaw is completely free (open-source). You can download, install and use it at no cost.
Which platforms does voiceclaw support?
voiceclaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created voiceclaw?
It is built and maintained by kentoku24 (@kentoku24); the current version is v0.1.0.
More Skills