← 返回 Skills 市场
676
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install percept-voice-cmd
功能描述
Detects wake words in speech and routes voice commands like email, text, reminders, search, and notes to OpenClaw agents for execution.
安全使用建议
This skill appears to do what it says (detect wake words and forward commands) but its instructions reference local files (percept/data/contacts.json and speakers.json), a dashboard (port 8960), a database, and an OpenClaw CLI without declaring required binaries, config paths, or any auth details. Before installing, ask the publisher for: (1) the exact CLI binary name and required invocation/authorization (how does agent authenticate to OpenClaw?); (2) explicit config paths and file permissions for percept/data/*.json and what data will be read or logged; (3) whether any credentials or network endpoints are required and how they are protected; and (4) an authoritative source or homepage (the SKILL.md links a GitHub repo but registry source is 'unknown'). Restrict the agent’s ability to execute high-risk actions (sending email/SMS, posting to calendars) or require explicit user confirmation for those actions until you’ve validated the integration. If you cannot obtain clear answers or verify the code/source, consider not installing or running this skill in a limited sandboxed environment.
功能分析
Type: OpenClaw Skill
Name: percept-voice-cmd
Version: 1.0.0
The skill is suspicious due to a critical vulnerability described in `SKILL.md`. The documentation explicitly states that for 'General' commands, '[anything]' from the user's voice input will be 'forwarded to OpenClaw CLI for execution.' This instruction to the AI agent creates a severe prompt injection risk, potentially leading to arbitrary command execution (RCE) if the OpenClaw CLI or the underlying system does not adequately sanitize the user-provided input.
能力评估
Purpose & Capability
The README-style instructions claim the skill will route voice commands to an OpenClaw CLI and depend on a percept-listen skill, but the skill metadata declares no required binaries, no config paths, and no primary credential. That omission is inconsistent: a runtime that calls an external CLI or reads local percept/data files would normally declare the CLI binary and config paths.
Instruction Scope
SKILL.md explicitly instructs the agent to read percept/data/contacts.json and percept/data/speakers.json, to consult a dashboard on port 8960, and to dispatch commands to the OpenClaw CLI. Those file/database/dashboard accesses are not declared elsewhere and represent access to potentially sensitive personal data (contacts, speaker IDs) and the ability to execute actions via CLI. The instructions grant broad discretion (two-tier parsing with LLM fallback, general forwarding of 'anything') which could forward arbitrary user input to the agent for execution.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no downloader or install script writing code to disk. That lowers supply-chain risk, but does not remove runtime risks from commands the agent may run based on these instructions.
Credentials
The skill references local config/data files and a dashboard and requires an OpenClaw CLI, but declares no environment variables, no config paths, and no credentials. In particular, contact and speaker JSON files (sensitive user data) are referenced without any explicit permission or path declaration. The lack of declared credentials for OpenClaw CLI usage is an unexplained gap.
Persistence & Privilege
always is false and the skill does not request forced inclusion or elevated platform privileges. Autonomous invocation is allowed (platform default); combined with the other concerns this increases potential impact but on its own is expected.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install percept-voice-cmd - 安装完成后,直接呼叫该 Skill 的名称或使用
/percept-voice-cmd触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of percept-voice-cmd:
- Detects wake words and routes voice commands to OpenClaw agents for hands-free control.
- Supports actions like email, text, reminders, search, calendar, notes, and general custom commands.
- Allows configuration of wake words and authorized speakers via dashboard or config files.
- Uses fast regex and LLM fallback for intent parsing, and resolves contacts from an address book.
- Unapproved speaker commands are logged but not executed.
元数据
常见问题
Percept Voice Commands 是什么?
Detects wake words in speech and routes voice commands like email, text, reminders, search, and notes to OpenClaw agents for execution. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 676 次。
如何安装 Percept Voice Commands?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install percept-voice-cmd」即可一键安装,无需额外配置。
Percept Voice Commands 是免费的吗?
是的,Percept Voice Commands 完全免费(开源免费),可自由下载、安装和使用。
Percept Voice Commands 支持哪些平台?
Percept Voice Commands 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Percept Voice Commands?
由 jarvis563(@jarvis563)开发并维护,当前版本 v1.0.0。
推荐 Skills