← 返回 Skills 市场
easwee

Voice Log

作者 Anej Gorkič · GitHub ↗ · v0.1.5
cross-platform ✓ 安全检测通过
695
总下载
2
收藏
4
当前安装
4
版本数
在 OpenClaw 中安装
/install voice-log
功能描述
Background voice journaling with Soniox realtime STT for OpenClaw. Requires SONIOX_API_KEY. Get/create your Soniox API key at https://soniox.com/speech-to-te...
安全使用建议
This skill appears to do what it says: record your microphone and stream audio to Soniox STT using a SONIOX_API_KEY, keep a rolling 60-minute text log, and let you start/stop and request recent summaries. Before installing: 1) Confirm you want continuous microphone capture and trust Soniox (audio is streamed to their realtime STT service). 2) Provide a Soniox API key only if you accept that audio and derived transcripts go to Soniox. 3) Be aware npm install will fetch @soniox/node from the public registry. 4) Inspect and monitor the created .data directory for stored transcripts and logs; rotate or delete it if you need longer-term privacy. 5) Note the small inconsistencies: registry metadata omitted the SONIOX_API_KEY requirement, and the script forwards a few host env vars (PATH, HOME, audio-related vars) to the daemon despite SKILL.md saying only the Soniox key is forwarded — this is likely benign (needed for audio capture) but worth knowing. If you want higher assurance, review the full (untruncated) daemon script and run the skill in a constrained environment or sandbox first.
功能分析
Type: OpenClaw Skill Name: voice-log Version: 0.1.5 The OpenClaw voice-log skill is designed for background voice journaling using Soniox STT. It demonstrates strong security practices, including explicitly limiting environment variables passed to child processes, deleting the `SONIOX_API_KEY` from the daemon's environment after use, and using `spawn` with hardcoded commands/arguments for audio capture to prevent shell injection. All data is confined to a local, hardened `.data` directory. The `SKILL.md` instructions for the AI agent are benign, focusing on controlling output and accurate reporting, with no evidence of prompt injection attempts to subvert the agent's behavior or exfiltrate data. No malicious intent or high-risk vulnerabilities were identified.
能力评估
Purpose & Capability
Name/description, package.json, SKILL.md, and scripts all show a voice-journaling daemon that captures microphone audio and streams to Soniox realtime STT using a SONIOX_API_KEY. Required binaries (node and a microphone capture tool) and the Soniox API key are appropriate and expected for this functionality.
Instruction Scope
Runtime instructions are scoped to starting/stopping a local daemon, maintaining a 60-minute rolling text log, and summarizing recent minutes. The SKILL.md says the daemon environment forwards only SONIOX_API_KEY (and language hints), but the control script actually copies several host env vars (PATH, HOME, LANG, LC_ALL, XDG_RUNTIME_DIR, PULSE_SERVER, ALSA_CONFIG_PATH, DBUS_SESSION_BUS_ADDRESS) into the daemon environment to support audio capture. Those copied vars are reasonable for audio access but are broader than the SKILL.md claim.
Install Mechanism
This is instruction-only with included JS scripts and a package.json. There is no remote arbitrary download in the skill itself. Running npm install will fetch @soniox/node from the npm registry (expected for Soniox integration). This is standard but does pull a third‑party package at install time.
Credentials
The skill legitimately requires SONIOX_API_KEY (declared in SKILL.md, package.json, and used in code). The code does not request unrelated credentials. However, there's a metadata inconsistency: the registry summary at the top of the submission claims 'Required env vars: none' while the embedded SKILL.md and package.json require SONIOX_API_KEY. Also, the control script forwards a handful of host env vars (see instruction_scope) — typically harmless but worth noting since SKILL.md states only the Soniox key is forwarded.
Persistence & Privilege
The skill runs a background daemon (detached child process) and stores state/journal files under ./ .data in the skill directory. always: false and no cross-skill or system-wide modifications are requested. Behavior (writing local files, PID, logs) is consistent with the described purpose.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install voice-log
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /voice-log 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.5
Security hardening and audio capture reliability fixes
v0.1.3
Simplify and cleanup skill code
v0.1.2
Security and trust hardening release focused on compliance with automated safety review and VirusTotal screening expectations. This update resolves metadata consistency by explicitly declaring SONIOX_API_KEY as required, removes custom shell-command audio execution and all bash -lc usage, restricts capture to known binaries (arecord/rec/ffmpeg), keeps explicit user- controlled invocation (implicit invocation disabled), and retains transparent privacy behavior (audio streamed to Soniox only while running; rolling text journal local). Language-hint examples updated to ["en","de"].
v0.1.1
Initial public release of Voice Log for OpenClaw. Adds background Soniox realtime STT journaling with minute timestamps and a rolling 60-minute text-only log. Supports natural commands: 'start voice journal' / 'start voice log', 'end voice journal', and 'summarize what we talked about for last N minutes' (via log retrieval). Start command supports optional Soniox language hints as a JSON array, for example: start voice log ["en","de"], and forwards hints directly as provided. Writes to a data text file.
元数据
Slug voice-log
版本 0.1.5
许可证
累计安装 4
当前安装数 4
历史版本数 4
常见问题

Voice Log 是什么?

Background voice journaling with Soniox realtime STT for OpenClaw. Requires SONIOX_API_KEY. Get/create your Soniox API key at https://soniox.com/speech-to-te... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 695 次。

如何安装 Voice Log?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install voice-log」即可一键安装,无需额外配置。

Voice Log 是免费的吗?

是的,Voice Log 完全免费(开源免费),可自由下载、安装和使用。

Voice Log 支持哪些平台?

Voice Log 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Voice Log?

由 Anej Gorkič(@easwee)开发并维护,当前版本 v0.1.5。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论