扫描报告
0 /100
wecom-voice
Send native voice messages to WeCom using Windows TTS
Legitimate WeCom voice message tool with all capabilities properly declared in SKILL.md.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | Writes to ~/.openclaw/media/inbound/ - documented in SKILL.md |
| 命令执行 | WRITE | WRITE | ✓ 一致 | execSync calls PowerShell and FFmpeg - documented in SKILL.md |
目录结构
2 文件 · 3.8 KB · 134 行 JavaScript 1f · 72L
Markdown 1f · 62L
├─
▾
scripts
│ └─
send-voice.cjs
JavaScript
└─
skill.md
Markdown
安全亮点
✓ All shell operations (PowerShell TTS, FFmpeg conversion) are documented in SKILL.md
✓ No credential harvesting or environment variable enumeration
✓ No network exfiltration or external IP connections
✓ No base64/eval obfuscation or hidden instructions
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash or wget|sh)
✓ All file operations confined to application directory (~/.openclaw/media/inbound/)
✓ No suspicious dependencies with known vulnerabilities