← Back to Skills Marketplace
676
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install percept-voice-cmd
Description
Detects wake words in speech and routes voice commands like email, text, reminders, search, and notes to OpenClaw agents for execution.
Usage Guidance
This skill appears to do what it says (detect wake words and forward commands) but its instructions reference local files (percept/data/contacts.json and speakers.json), a dashboard (port 8960), a database, and an OpenClaw CLI without declaring required binaries, config paths, or any auth details. Before installing, ask the publisher for: (1) the exact CLI binary name and required invocation/authorization (how does agent authenticate to OpenClaw?); (2) explicit config paths and file permissions for percept/data/*.json and what data will be read or logged; (3) whether any credentials or network endpoints are required and how they are protected; and (4) an authoritative source or homepage (the SKILL.md links a GitHub repo but registry source is 'unknown'). Restrict the agent’s ability to execute high-risk actions (sending email/SMS, posting to calendars) or require explicit user confirmation for those actions until you’ve validated the integration. If you cannot obtain clear answers or verify the code/source, consider not installing or running this skill in a limited sandboxed environment.
Capability Analysis
Type: OpenClaw Skill
Name: percept-voice-cmd
Version: 1.0.0
The skill is suspicious due to a critical vulnerability described in `SKILL.md`. The documentation explicitly states that for 'General' commands, '[anything]' from the user's voice input will be 'forwarded to OpenClaw CLI for execution.' This instruction to the AI agent creates a severe prompt injection risk, potentially leading to arbitrary command execution (RCE) if the OpenClaw CLI or the underlying system does not adequately sanitize the user-provided input.
Capability Assessment
Purpose & Capability
The README-style instructions claim the skill will route voice commands to an OpenClaw CLI and depend on a percept-listen skill, but the skill metadata declares no required binaries, no config paths, and no primary credential. That omission is inconsistent: a runtime that calls an external CLI or reads local percept/data files would normally declare the CLI binary and config paths.
Instruction Scope
SKILL.md explicitly instructs the agent to read percept/data/contacts.json and percept/data/speakers.json, to consult a dashboard on port 8960, and to dispatch commands to the OpenClaw CLI. Those file/database/dashboard accesses are not declared elsewhere and represent access to potentially sensitive personal data (contacts, speaker IDs) and the ability to execute actions via CLI. The instructions grant broad discretion (two-tier parsing with LLM fallback, general forwarding of 'anything') which could forward arbitrary user input to the agent for execution.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no downloader or install script writing code to disk. That lowers supply-chain risk, but does not remove runtime risks from commands the agent may run based on these instructions.
Credentials
The skill references local config/data files and a dashboard and requires an OpenClaw CLI, but declares no environment variables, no config paths, and no credentials. In particular, contact and speaker JSON files (sensitive user data) are referenced without any explicit permission or path declaration. The lack of declared credentials for OpenClaw CLI usage is an unexplained gap.
Persistence & Privilege
always is false and the skill does not request forced inclusion or elevated platform privileges. Autonomous invocation is allowed (platform default); combined with the other concerns this increases potential impact but on its own is expected.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install percept-voice-cmd - After installation, invoke the skill by name or use
/percept-voice-cmd - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of percept-voice-cmd:
- Detects wake words and routes voice commands to OpenClaw agents for hands-free control.
- Supports actions like email, text, reminders, search, calendar, notes, and general custom commands.
- Allows configuration of wake words and authorized speakers via dashboard or config files.
- Uses fast regex and LLM fallback for intent parsing, and resolves contacts from an address book.
- Unapproved speaker commands are logged but not executed.
Metadata
Frequently Asked Questions
What is Percept Voice Commands?
Detects wake words in speech and routes voice commands like email, text, reminders, search, and notes to OpenClaw agents for execution. It is an AI Agent Skill for Claude Code / OpenClaw, with 676 downloads so far.
How do I install Percept Voice Commands?
Run "/install percept-voice-cmd" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Percept Voice Commands free?
Yes, Percept Voice Commands is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Percept Voice Commands support?
Percept Voice Commands is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Percept Voice Commands?
It is built and maintained by jarvis563 (@jarvis563); the current version is v1.0.0.
More Skills