Back to skill
Skillv1.0.1
VirusTotal security
U2-audio-file-transcriber · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:52 AM
- Hash
- c0371ce20b0d985e663a18a318e5902391437e28a8a57e08e68a5de556ad82f2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: u2-audio-file-transcriber Version: 1.0.1 The skill facilitates audio transcription via the UniSound API but contains significant security vulnerabilities. It uses an unencrypted HTTP endpoint (http://af-asr.uat.hivoice.cn) for uploading audio files, which risks exposing sensitive data to interception. Additionally, SKILL.md provides hardcoded UAT test credentials (AppKey/Secret), and scripts/transcribe.py contains a hardcoded vocab_id. While the behavior aligns with the stated purpose, the lack of transport encryption and inclusion of credentials warrant a suspicious classification.
- External report
- View on VirusTotal