Scan Report
0 /100
wecom-voice
Send native voice messages to WeCom using Windows TTS
Legitimate WeCom voice message tool with all capabilities properly declared in SKILL.md.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | Writes to ~/.openclaw/media/inbound/ - documented in SKILL.md |
| Shell | WRITE | WRITE | ✓ Aligned | execSync calls PowerShell and FFmpeg - documented in SKILL.md |
File Tree
2 files · 3.8 KB · 134 lines JavaScript 1f · 72L
Markdown 1f · 62L
├─
▾
scripts
│ └─
send-voice.cjs
JavaScript
└─
skill.md
Markdown
Security Positives
✓ All shell operations (PowerShell TTS, FFmpeg conversion) are documented in SKILL.md
✓ No credential harvesting or environment variable enumeration
✓ No network exfiltration or external IP connections
✓ No base64/eval obfuscation or hidden instructions
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash or wget|sh)
✓ All file operations confined to application directory (~/.openclaw/media/inbound/)
✓ No suspicious dependencies with known vulnerabilities