← 返回 Skills 市场
279
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install voiceclaw-jp
功能描述
Voice conversation interface for OpenClaw using wake word detection, streaming LLM responses, and text-to-speech. Use when a user wants to talk to their Open...
安全使用建议
This skill appears to implement the described voice → OpenClaw → VOICEVOX pipeline, but inspect and be aware of the following before installing:
- The server auto-reads ~/.openclaw/openclaw.json to obtain an OpenClaw gateway token. Confirm you are comfortable with that file being read and that it does not contain secrets you don't want the skill to access. If you prefer, set OPENCLAW_GATEWAY_TOKEN explicitly in a controlled environment instead.
- The registry metadata did not declare the config path or required env vars — treat that as an omission, not a guarantee of safety. Review src/server.js yourself (or run in an isolated VM/container) to confirm behavior.
- SKILL.md and README advise cloning a GitHub repo and running npm install; ensure you clone the intended upstream repository and verify its integrity. Running code from GitHub and npm packages should be done from trusted sources.
- The skill will make network calls to the configured OpenClaw gateway and VOICEVOX endpoints. Ensure those endpoints are local or trusted and that tokens used have limited privileges.
- Recommended mitigations: run the skill in an isolated environment (container/VM), audit the bundled server.js for any unexpected data exfiltration, and explicitly set environment variables rather than relying on auto-discovery if you want stricter control.
If you want, I can extract the exact lines where the code reads the home config and the env var usage so you can review them quickly.
功能分析
Type: OpenClaw Skill
Name: voiceclaw-jp
Version: 0.1.0
The OpenClaw AgentSkills skill bundle 'voiceclaw-jp' is a voice conversation interface for OpenClaw. It reads the OpenClaw gateway token from `~/.openclaw/openclaw.json` and uses it to authenticate with the local OpenClaw Gateway. It also interacts with a local VOICEVOX TTS service. All file system and network access (to `127.0.0.1` by default) are directly related to its stated purpose. While user input passed to an LLM (via `/api/chat-stream` and `/api/chat` in `src/server.js`) inherently carries a prompt injection risk against the LLM, the skill itself does not craft malicious prompts or exhibit any intentional harmful behavior, data exfiltration, persistence mechanisms, or obfuscation. The `SKILL.md` and `README.md` provide setup instructions for the user, not malicious commands for an AI agent.
能力评估
Purpose & Capability
The code and SKILL.md implement a voice → STT → OpenClaw (streaming) → VOICEVOX TTS pipeline which is coherent with the skill description. However registry metadata claims no required config paths or env vars, while the implementation explicitly reads ~/.openclaw/openclaw.json and honors environment variables like OPENCLAW_GATEWAY_TOKEN, VOICEVOX_URL, etc. The functionality is expected, but the metadata omission is inconsistent.
Instruction Scope
Runtime instructions and server code auto-detect and read a user's home config (~/.openclaw/openclaw.json) to obtain an OpenClaw gateway token. The SKILL.md/README mention this auto-detection, but the registry entry did not declare a config path. Reading a file in the user's home directory is sensitive and should be explicitly declared and reviewed.
Install Mechanism
No formal install spec is present in the registry, but SKILL.md/README instruct users to git clone a GitHub repository and run npm install. The code included in the package is standard Node.js (express, dotenv). Cloning from a GitHub repo is common and traceable, but the registry omission (no official install spec) and reliance on external git clone should be noted by the user.
Credentials
The skill does not declare required environment variables in the registry metadata, yet the server reads multiple env vars (OPENCLAW_GATEWAY_TOKEN, VOICEVOX_URL, etc.) and will auto-read a gateway token from a file in the user's home. Asking for/using a gateway token is appropriate for contacting OpenClaw, but the lack of declared config/credential requirements in the metadata is disproportionate and could surprise users; reading a home config file increases privacy risk.
Persistence & Privilege
The skill is not set to always:true, has no special OS restrictions, and does not modify other skills or global agent configuration. It runs as a normal local server process and requires explicit user invocation to start.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install voiceclaw-jp - 安装完成后,直接呼叫该 Skill 的名称或使用
/voiceclaw-jp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Release 0.1.0
元数据
常见问题
voiceclaw 是什么?
Voice conversation interface for OpenClaw using wake word detection, streaming LLM responses, and text-to-speech. Use when a user wants to talk to their Open... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 279 次。
如何安装 voiceclaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install voiceclaw-jp」即可一键安装,无需额外配置。
voiceclaw 是免费的吗?
是的,voiceclaw 完全免费(开源免费),可自由下载、安装和使用。
voiceclaw 支持哪些平台?
voiceclaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 voiceclaw?
由 kentoku24(@kentoku24)开发并维护,当前版本 v0.1.0。
推荐 Skills