Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
video-transcript-pro
v2.3.0自动转录视频音频,智能修正润色并生成逐字稿及知乎、微信、小红书多平台发布稿,支持用户个性化定制。
⭐ 1· 90·0 current·0 all-time
byYi,Li (李祎)@artminding
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (video/audio transcription, polishing, multi-platform outputs) match the included files: two Python transcription scripts using faster-whisper/faster_whisper and a detailed SKILL.md. Required binaries/credentials/configs are none — proportionate for a local transcription skill that expects Python and Whisper-related packages.
Instruction Scope
SKILL.md stays on-task (transcribe → auto-correct → polish → format for platforms). It instructs the agent to perform automatic web searches ('知识补充(联网搜索)') without asking the user and to record user preferences in MEMORY.md. That behavior is plausible for improving outputs but means transcript content may be sent to external search/fetch tools (depending on the agent's browsing/web tools). Also the skill auto-continues after 3 minutes if the user doesn't reply.
Install Mechanism
No install spec is provided (instruction-only + Python scripts). The code depends on faster-whisper/ctranslate2/Whisper-style models which are expected for this purpose; model downloads and native GPU libraries are normal for Whisper usage. There are no downloads from untrusted URLs in the package manifest.
Credentials
The skill declares no required environment variables or credentials. The scripts access local files and GPU libraries (DLL paths) which is appropriate. One operational note: SKILL.md expects to use web_search/web_fetch but declares no API keys — the agent will rely on whatever browsing/web tools are available, which could cause network transmission of transcript text if enabled.
Persistence & Privilege
always:false (no forced global presence). The skill writes/reads a local MEMORY.md to remember user preferences (explicit in SKILL.md), which is reasonable but is persistent local state. The combination of auto-continue (3-minute timeout) and Automatic web searches means the skill can act autonomously on user content unless the agent's web/tools are restricted.
Assessment
The skill appears to do what it claims (local faster-whisper transcription + automated polishing and multi-platform formatting). Before installing, consider: 1) Privacy — SKILL.md says it will perform automatic web searches to add background info and will do so without asking; if your transcripts contain sensitive data that could be sent to external search endpoints, disable browsing/web tools or avoid using this skill for sensitive content. 2) Local requirements — it expects Python and faster-whisper/ctranslate2; models and GPU libraries may be downloaded/used locally. 3) Persistence — it saves user preferences to MEMORY.md in the working directory. 4) Behavior control — the skill auto-continues after a 3-minute timeout; if you want manual approval for network lookups or publication, change that workflow or monitor the session. If you require higher assurance, review the two Python files and run the scripts in an isolated/test environment with non-sensitive sample files first.Like a lobster shell, security has layers — review code before you run it.
latestvk97fxns4e8vjrb67nmkaef22a983x0eg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.