discord-voice

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill dynamically resolves and imports the OpenClaw extension API from the filesystem at runtime in src/core-bridge.ts. While it includes integrity checks such as verifying the package name in package.json, the use of dynamic imports on computed paths is a significant execution capability.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted audio data from Discord voice channels, transcribes it into text, and interpolates it into the agent's system prompt.
      • Ingestion points: User audio transcribed in index.ts via various STT providers.
      • Boundary markers: The prompt construction in index.ts uses instructional text but lacks structural delimiters (like XML tags) to isolate untrusted transcriptions.
      • Capability inventory: The integrated agent has full access to tools, which may include subprocess execution and network operations.
      • Sanitization: Transcribed text is used as-is without filtering for injection patterns or adversarial instructions.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to several well-known third-party services for core functionality, including OpenAI, ElevenLabs, Deepgram, and Amazon Polly. It also downloads model weights from HuggingFace via the Xenova/Transformers library. These interactions are documented and target established service providers.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 10:51 PM