by voicetreelab
The spatial IDE for recursive multi-agent orchestration. It's like an Obsidian graph-view that you work directly inside of.
# Add to your Claude Code skills
git clone https://github.com/voicetreelab/voicetreeLast scanned: 5/5/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@chevrotain/cst-dts-gen: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@chevrotain/gast: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@electron/rebuild: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@isaacs/brace-expansion: @isaacs/brace-expansion has Uncontrolled Resource Consumption",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@mermaid-js/parser: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: Uncontrolled recursion in XML serialization leads to DoS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "app-builder-lib: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "axios: Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
"severity": "high"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "cacache: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "chevrotain: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "dmg-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "dompurify: DOMPurify is vulnerable to mutation-XSS via Re-Contextualization ",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "electron: Electron: AppleScript injection in app.moveToApplicationsFolder on macOS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron-builder-squirrel-windows: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "hono: hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "http-proxy-agent: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "langium: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "lodash-es: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "make-fetch-happen: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "mermaid: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "node-gyp: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "protobufjs: Arbitrary code execution in protobufjs",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
},
{
"type": "npm-audit",
"message": "vite-plugin-top-level-await: Vulnerability found",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-05-05T06:19:17.024Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}voicetree is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by voicetreelab. The spatial IDE for recursive multi-agent orchestration. It's like an Obsidian graph-view that you work directly inside of. It has 890 GitHub stars.
voicetree failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/voicetreelab/voicetree" and add it to your Claude Code skills directory (see the Installation section above).
voicetree is primarily written in TypeScript. It is open-source under voicetreelab on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh voicetree against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.