← 返回 Skills 市场
Slybroadcast Voicemail
作者
danielfoch
· GitHub ↗
· v1.0.0
749
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install slybroadcast-voicemail
功能描述
Send Slybroadcast ringless voicemail campaigns from OpenClaw/LLMs using CLI or MCP, including AI voice generation (ElevenLabs or generic HTTP voice API) and...
安全使用建议
Do not provide credentials or deploy this skill yet. The runtime docs require Slybroadcast credentials, ElevenLabs keys, and an npm workspace package, but the skill package contains no code or install instructions and lists no required env vars—this inconsistency could lead you to run or fetch untrusted code or expose voicemail files publicly. Ask the publisher for: (1) the source repository or official homepage, (2) an install spec (where to get @fub/slybroadcast-voicemail), and (3) the actual code to review. If you must test, use throwaway/least-privilege Slybroadcast and ElevenLabs keys, keep audio staging on a controlled domain, and avoid uploading sensitive recordings. Prefer skills with verifiable source and explicit install instructions before trusting secrets.
功能分析
Type: OpenClaw Skill
Name: slybroadcast-voicemail
Version: 1.0.0
The skill is classified as suspicious due to several inherent risks, even though no explicit malicious intent or prompt injection is found in SKILL.md. It requires access to multiple sensitive API keys (Slybroadcast, ElevenLabs) and instructs the agent to fetch audio from arbitrary URLs, which could be exploited for SSRF or fetching malicious content. Additionally, it requires staging local and AI-generated audio files to be publicly reachable, increasing the attack surface if sensitive data is inadvertently exposed. While these capabilities are plausibly needed for the stated purpose, they introduce significant security considerations and potential for misuse or exploitation if the agent's execution environment or input sanitization is flawed.
能力评估
Purpose & Capability
The SKILL.md describes a Slybroadcast voicemail sender (including optional ElevenLabs TTS), which is coherent with the name. However the registry metadata lists no required env vars, binaries, or code files while the SKILL.md requires SLYBROADCAST_* credentials, ElevenLabs keys, and an npm workspace @fub/slybroadcast-voicemail. The declared manifest (no code, no install) does not align with what the instructions expect.
Instruction Scope
Instructions ask the agent/operator to run npm workspace commands, start an MCP server, stage local/AI-generated audio to a public URL, and rely on multiple environment variables. The skill's instructions reference filesystem staging and public URLs (possible data exfiltration vector) and expect an npm package that is not present in the bundle. The instructions also allow making audio files publicly reachable for Slybroadcast to fetch, which could leak sensitive recordings if misused.
Install Mechanism
There is no install spec and no code files, yet the SKILL.md instructs running npm workspace commands referencing @fub/slybroadcast-voicemail. That implies the skill expects external code to be present or installed, but provides no guidance where to obtain it. This gap is incoherent and increases risk (agent or user might be prompted to fetch/execute third-party code from unknown sources).
Credentials
The environment variables listed in SKILL.md (SLYBROADCAST_* plus ELEVENLABS_* and staging-related variables) are appropriate for the stated functionality, but none are declared in the skill metadata. The mismatch between declared and required env vars is a red flag. Requiring staging of audio to a public URL also broadens the data-sensitivity surface (public exposure of recordings).
Persistence & Privilege
The skill does not request always:true and is user-invocable; model invocation is allowed (normal). It does not claim to modify other skills or require elevated persistent system privileges in the manifest.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install slybroadcast-voicemail - 安装完成后,直接呼叫该 Skill 的名称或使用
/slybroadcast-voicemail触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Expanded description: Skill now supports Slybroadcast campaigns via CLI or MCP, including AI voice generation and detailed campaign controls.
- Updated environment variable requirements and fallback logic (e.g., allow UID or EMAIL).
- Clarified setup and configuration for both local/AI-generated audio and ElevenLabs TTS.
- Added clear CLI usage examples for all input modes (account recording, audio URL, AI-generated, uploaded list).
- Documented additional MCP tool commands for campaign and audio management.
- Noted Slybroadcast API handling of time zones and delivery formats.
v0.1.1
Declare required env metadata; remove hard-coded user paths; document secure credential handling and TTS c_url flow.
v0.1.0
Initial release of slybroadcast-voicemail skill.
- Send voicemail drops via Slybroadcast CLI, with optional ElevenLabs text-to-speech audio.
- Supports campaign creation, listing uploaded audio, and checking campaign status.
- All commands require local Slybroadcast CLI and correct env vars.
- Preview commands before sending; only execute with explicit user permission.
- Includes setup and error handling guidelines.
元数据
常见问题
Slybroadcast Voicemail 是什么?
Send Slybroadcast ringless voicemail campaigns from OpenClaw/LLMs using CLI or MCP, including AI voice generation (ElevenLabs or generic HTTP voice API) and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 749 次。
如何安装 Slybroadcast Voicemail?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install slybroadcast-voicemail」即可一键安装,无需额外配置。
Slybroadcast Voicemail 是免费的吗?
是的,Slybroadcast Voicemail 完全免费(开源免费),可自由下载、安装和使用。
Slybroadcast Voicemail 支持哪些平台?
Slybroadcast Voicemail 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Slybroadcast Voicemail?
由 danielfoch(@danielfoch)开发并维护,当前版本 v1.0.0。
推荐 Skills