← 返回 Skills 市场
yukihamada

Voice UI

作者 yukihamada · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1803
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install voice-ui
功能描述
Self-evolving voice assistant UI. Talk to your AI, ask it to improve itself, and watch the code update in real-time.
安全使用建议
Key points to consider before installing: - Secret exposure: The server exposes OPENAI_API_KEY via GET /api/key and sets Access-Control-Allow-Origin: *. That means webpages on other origins can read your API key from the running local server — remove or restrict this endpoint before use. A safer design is to keep the API key on the server side and perform OpenAI requests from server endpoints only. - Manifest mismatch: The registry claims no required env vars, but SKILL.md, start.sh, and server.cjs expect OPENAI_API_KEY and a local OpenClaw CLI. Treat the manifest as incomplete and assume the skill needs those secrets and a local OpenClaw binary. - Hardcoded paths: server.cjs and CONTEXT.md reference /Users/yuki/... and a specific OpenClaw binary path. Edit the code to make the OpenClaw path and workspace configurable (do not run code that assumes another user's home). - Self‑editing & auto‑commit: The skill is explicitly designed to let an agent modify local files and auto‑git commit changes. That is powerful but dangerous — only run it in a directory you trust, and review diffs before pushes. Consider running inside a disposable VM/container or a throwaway git repo until you verify behavior. - What to change before running: restrict CORS, remove or lock down /api/key, make OPENCLAW path and workspace configurable via environment variables, and ensure start.sh does not silently cat your ~/.openclaw file if you don't want that. Audit the OpenClaw 'voice' agent configuration and permissions (what tools it can invoke, whether it can run shell commands or push to remote repos). - How to test safely: run in an isolated container or ephemeral user account without network access to sensitive remotes; start the server without an API key first to see error behavior; inspect console logs; and run git status/diff before allowing any auto-commit/push. Given the mismatches and the exposed API key behavior, treat this skill as suspicious until you harden it and confirm it only performs actions you approve.
功能分析
Type: OpenClaw Skill Name: voice-ui Version: 1.0.0 This skill is classified as suspicious due to its explicit granting of high-risk capabilities to the AI agent. The `CONTEXT.md` and `server.cjs` files contain direct instructions for the AI agent to modify local files (e.g., `/Users/yuki/.openclaw/workspace/voice-ui/index.html`) and execute shell commands (`git add -A && git commit`). While these actions are central to the skill's stated 'self-evolving' purpose, they represent significant file system write and arbitrary command execution capabilities that could be exploited through prompt injection against the agent. Additionally, the `server.cjs` exposes the `OPENAI_API_KEY` via a local API endpoint (`/api/key`), which is then used directly by `index.html` for client-side OpenAI API calls, making the key accessible in the browser.
能力评估
Purpose & Capability
The skill claims a self‑evolving voice UI and does call an OpenClaw agent and OpenAI (Whisper/TTS), which is plausible. However the registry metadata lists no required env vars while SKILL.md and the server expect OPENAI_API_KEY. The server also hardcodes a single-user OpenClaw binary path (/Users/yuki/...) and CONTEXT.md refers to that same user workspace path — these are environment-specific and not declared in the manifest, which is inconsistent.
Instruction Scope
SKILL.md/CONTEXT.md instruct the agent to edit local files (index.html in a workspace) and to auto‑git commit changes ('git add -A && git commit ...'). The server forwards user messages to the local OpenClaw CLI, which could cause the agent to perform arbitrary local edits. The client fetches /api/key and uses that key in browser-origin requests (client-side calls to OpenAI). The runtime instructions therefore permit automated modification of local code + commits and expose an API secret to client JavaScript — both are broader privilege/scope than a simple UI widget.
Install Mechanism
No external download/install spec; the package is instruction + code that npm install will pull 'ws' from npm (package-lock.json references npm registry). There is no remote archive or URL shortener in the install path. Risk arises from running the bundled start.sh/node server rather than from a dangerous installer mechanism.
Credentials
The package implicitly requires an OpenAI API key (OPENAI_API_KEY) though the registry shows none. start.sh tries to extract the key from ~/.openclaw/openclaw.json, and the server serves that key via GET /api/key. The server also depends on an OpenClaw CLI at a hardcoded user path. Requiring the user's OpenAI key and local OpenClaw CLI is plausible for Whisper/TTS and self‑editing behavior, but the lack of explicit declaration and the way the key is exposed are disproportionate and risky.
Persistence & Privilege
always:false (normal). The skill does not request permanent platform privileges, but it is designed to allow an OpenClaw agent to edit files in your workspace and automatically commit them. That file‑write/commit behavior is part of its purpose but is a high‑impact action that you should only allow if you trust the agent and code. The skill does not appear to alter other skills' configs, but it reads ~/.openclaw config files on startup.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install voice-ui
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /voice-ui 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
voice-ui 1.0.0 - Initial release of a self-evolving voice assistant UI. - Features voice recognition (Whisper) and speech synthesis (TTS). - Cute robot UI with dynamic facial expressions. - Users can instruct the AI via voice to modify and improve its own UI in real-time. - Automatic Git commits for all code changes initiated by voice commands. - Simple local setup and OpenClaw agent integration.
元数据
Slug voice-ui
版本 1.0.0
许可证
累计安装 4
当前安装数 3
历史版本数 1
常见问题

Voice UI 是什么?

Self-evolving voice assistant UI. Talk to your AI, ask it to improve itself, and watch the code update in real-time. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1803 次。

如何安装 Voice UI?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install voice-ui」即可一键安装,无需额外配置。

Voice UI 是免费的吗?

是的,Voice UI 完全免费(开源免费),可自由下载、安装和使用。

Voice UI 支持哪些平台?

Voice UI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Voice UI?

由 yukihamada(@yukihamada)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论