Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Expression Coach 表达力训练教练
v1.1.0个人表达能力训练教练。支持即兴话题练习(AI评分+反馈)、职场/社交场景角色扮演模拟、表达框架速查、 自定义话题管理、进步追踪与数据分析、每日表达力Tips推送。 语音优先,通过 Whisper 转写分析口语特征(填充词、停顿、流畅度)。 支持飞书 Bitable 自动记录练习数据(可选)。 触发关键词:练口才、...
⭐ 0· 190·0 current·0 all-time
byAndre@andrelyl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is a voice-first expression coach and it declares/uses the Whisper binary for speech-to-text and (optionally) Feishu Bitable for persistence. Requiring Whisper and providing a pip install entry for openai-whisper is consistent with the described functionality. No unrelated credentials or system paths are requested.
Instruction Scope
The SKILL.md gives detailed runtime instructions that stay inside the stated purpose (transcribe audio, analyze pauses/fillers, give feedback, optionally sync practice records to Feishu Bitable). Two minor scope notes: (1) it instructs the agent to write a local config.json containing app_token and table_id when the user provides a Bitable link — this appropriately supports optional persistence but means a token will be stored on disk; (2) the skill says it will provide voice playback (TTS) but does not declare a TTS binary or explain whether TTS is local or routed via an external service, which should be clarified for privacy/implementation reasons.
Install Mechanism
The SKILL.md metadata includes an install hint to pip-install openai-whisper (a public PyPI package) and requires the whisper binary. This is proportionate to a speech-transcription skill. There are no downloads from obscure URLs, no extract-from-arbitrary-archive steps, and no unusual install locations.
Credentials
The skill requests no environment variables or platform credentials in its declared metadata. The only credential-related action is optional: the user may provide a Feishu Bitable link and the agent will extract an app_token and store it in config.json. That is consistent with the optional Bitable integration and not disproportionate to the stated purpose.
Persistence & Privilege
always:false and no elevated privileges are requested. The skill writes its own config.json when the user opts into Bitable integration (normal behavior). Autonomous invocation is allowed (platform default) but is not combined with broad credential access or always:true, so no extra privilege concerns.
Assessment
This skill appears coherent for a voice-first expression coach, but review the following before installing: 1) Whisper usage and privacy: confirm whether transcription is performed locally (openai-whisper runs locally) or uploaded to a remote API in your deployment—if audio is uploaded, that affects privacy. 2) Stored tokens: if you enable Feishu Bitable, the agent will request a link and store the extracted app_token and table_id in a local config.json; treat that token as sensitive and revoke it if you later disable integration. 3) TTS behavior: the skill promises voice playback but doesn't declare how TTS will be implemented — ask the maintainer or check runtime hooks to know whether audio is synthesized locally or sent to a third-party service. 4) Resource expectations: the SKILL.md recommends large-v3/word_timestamps for best accuracy; confirm your device has capacity or choose a smaller model. If these points are acceptable and you trust the runtime environment, the skill is internally consistent and implementable.Like a lobster shell, security has layers — review code before you run it.
latestvk977fnxaan454fjazz1h2vddss82z4an
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binswhisper