listenhub

Trust Score 58/100

Explain anything — turn ideas into podcasts, explainer videos, or voice narration. Use when the user wants to "make a podcast", "create an explainer video", ...

triggers:quality playbookspec auditcouncil of three

GitHub SKILL.md

What it does

Explain anything — turn ideas into podcasts, explainer videos, or voice narration. Use when the user wants to "make a podcast", "create an explainer video", "read this aloud", "generate an image", or share knowledge in audio/visual form. Supports: topic descriptions, YouTube links, article URLs, plain text, and image prompts.

When to use it

Auto-detected from SKILL.md: use when running a quality playbook or spec audit across repositories.

What's included

Scripts: yes
References: no
Instructions: Derived from the SKILL.md body.

Compatible agents

claude, gpt, gemini, codex

Audit Summary

ListenHub is an API-wrapper skill for converting text/URLs into podcasts, explainer videos, TTS audio, and AI-generated images. The SKILL.md is comprehensive with clear mode detection, examples, and constraint documentation. Scripts are well-structured with proper arg parsing, validation, and usage messages. However, lib.sh contains an auto-update mechanism that downloads and replaces scripts from GitHub without user confirmation — a significant security concern. generate-image.sh auto-installs system packages via sudo. Scripts failed in test due to lib.sh sourcing issues in isolated temp dir and missing API key.

Watch Out

lib.sh auto-updates by downloading scripts from GitHub and replacing local copies without confirmation — potential supply chain risk
generate-image.sh attempts sudo apt-get install when jq is missing
Hardcoded AGENT_SKILLS_CLIENT_ID in both lib.sh and generate-image.sh
Scripts require LISTENHUB_API_KEY environment variable to function
lib.sh sources ~/.zshrc/~/.bashrc via eval — potential info leak
generate-image.sh writes API key and output dir to user's shell RC files

Missing Dependencies

jq (generate-image.sh tried to auto-install via sudo)

Notes

Auto-update mechanism in lib.sh is the biggest concern: it silently downloads and replaces all .sh files from GitHub when a newer version is detected. While not malicious, this is a supply chain attack vector. The hardcoded client ID (PJBkELS1o_q9nJ~NzF2_Fmr21TNX&~eoJR49FFdFhD3U) appears in both lib.sh and generate-image.sh — this seems to be an OAuth client identifier rather than a secret, but should be in config rather than hardcoded. Scripts have good structure and documentation but the auto-update and auto-install behaviors are aggressive for a skill.

Information

Repository: openclaw-master-skills
Stars: 2,046
Installs: 0

Trust Score

Overall58

Security47

Code Quality72

Architecture63

Usefulness68

More from openclaw-master-skills

Prompt Engineering Patterns

A practical collection of prompt engineering techniques and patterns for building reliable, controllable LLM prompts: CoT, few-shot, structured outputs, templat

Popup CRO

Design and optimize popups, modals, banners, and slide-ins to increase conversions without harming user experience or SEO.

Bagman — Secure Key Management

Secure key-management patterns and operational guardrails for AI agents that need to handle private keys, session keys, and secrets safely.

Atlassian Confluence Expert

Manage Confluence spaces, templates, permissions, and documentation workflows; create page hierarchies, macros, and templates for knowledge bases.

Superfluid Protocol Knowledge Base

Comprehensive developer-oriented reference for Superfluid Protocol: ABIs, forwarders, SDKs, automation, and common gotchas for building streaming-money apps.

JACS Cryptographic Provenance

Post-quantum cryptographic signing and verification for agents: sign documents, verify provenance, claim HAI.ai usernames, and send/receive signed email.

KIPRIS CLI

CLI wrapper around KIPRIS Plus OpenAPI to fetch Korean patents, trademarks, and designs and return normalized JSONL for agent consumption.

Video Call Agent

Initiate real-time video calls with a custom AI avatar (Runway Characters) that opens the conversation and returns a transcript and recording for follow-up.

InkOS - Autonomous Novel Writer

CLI agent for end-to-end fiction writing: draft, audit (33-dimension), revise, import/export and multi-genre support (English & Chinese).

ATXP — Agent Infrastructure & Paid Tools

Provides agents a funded identity (wallet, email) plus paid API tools: web search, image/video/music generation, SMS/voice, email, and an LLM gateway — useful w

Related Skills

Starlark Dev

Create, debug, and test Kurtosis Starlark packages — write package structure, run dry-runs, and inspect plan execution for reliable orchestration.

Run Execute

Orchestrates execution of work items across modes (autopilot, confirm, validate) with scripted init/complete tooling, plan/test/report artifacts and strict gati

Alpha Forge Pre-Ship Quality Gates

Pre-merge quality gates for PRs that validate RNG determinism, forked URLs, runtime parameter ranges, and manifest synchronization to reduce review cycles.

OpenTestAI

Automated, high-confidence AI testing: bug detection, persona feedback, and prioritized test-case generation using many specialized tester profiles.

Blender Build-Go (bgo)

Automate build → remove → install → enable → launch cycle for Blender extensions or add-ons to speed up iteration and CI workflows.

Overnight — Autonomous Long-Running Coding

Orchestrates long-running coding goals: decomposes objectives into atomic tasks, dispatches isolated worktree workers, verifies acceptance criteria, and merges

EventKit Integration (iOS/macOS)

Expert EventKit patterns for iOS/macOS: permissions, bidirectional sync, zero-width identity signatures, batch operations, and zombie-task handling.

Minimal Run & Audit (repro reporting)

Execute a README-first smoke test and produce standardized reproducibility outputs (`repro_outputs/`) and PATCHES.md — trusted reporting for repo reproduction r

listenhub

What it does

When to use it

What's included

Compatible agents