Safety & Security
VoiceUse implements multiple layers of safety to protect your system from accidental or malicious voice commands.
Spoken Confirmation
Before any destructive action, VoiceUse:
- Speaks a confirmation prompt — e.g., "You asked me to close the window. Should I proceed?"
- Listens for your response — Waits for spoken confirmation
- Acts on your answer:
- Proceeds on:
yes,yep,yeah,sure - Cancels on:
no,nope,cancel, timeout (10s), or any other response
- Proceeds on:
Destructive Keyword Detection
The following keywords trigger confirmation:
safety:
destructive_keywords:
- close
- quit
- delete
- remove
- kill
- terminate
- shutdown
- reboot
- format
- rm -rf
- type password
- enter password
- input passwordYou can customize this list in your config.yaml.
Shell Command Allow-List
System commands run through an allow-list by default. Unknown commands are blocked with an error message.
By default, shell=False is used. Commands not in the allow-list are rejected. This prevents accidental execution of dangerous commands.
Audit Logging
Every tool call is logged to an audit trail:
# Logged automatically
tool_name: "open_app"
arguments: {"app_name": "Chrome"}
result: "success"
timestamp: "2024-01-15T10:30:00Z"Audit logs help you review what VoiceUse did and debug issues.
Password Protection
VoiceUse explicitly detects password entry attempts:
"type password""enter password""input password"
These always trigger confirmation and are logged.
Best Practices
- Review your config — Check
destructive_keywordsmatches your workflow - Start with
--dry-run— Test without API calls first - Monitor audit logs — Regularly check what actions were taken
- Use aliases — Prevent STT errors from resolving to dangerous app names
- Keep API keys secure — Use environment variables, never commit keys
Reporting Security Issues
If you discover a security vulnerability, please open an issue on GitHub or contact the maintainers directly.