xeon_asr
WarnAudited by ClawScan on May 10, 2026.
Overview
The package is advertised as ASR, but the artifacts implement a persistent TTS and voice-cloning service that changes OpenClaw configuration and installs external components.
Do not install this if you are looking for xeon_asr speech-to-text. First verify the package identity and source, review install.sh/setup_env.sh, understand that it creates persistent local TTS services, and disable or remove the systemd units if you do not want them running.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting speech transcription could install a different capability: local speech generation and voice cloning.
The skill says it must not perform ASR/STT, directly contradicting the supplied registry description of an ASR voice-to-text skill.
以下场景禁止走 xeontts:识别语音 / 语音转文字 / STT / ASR
Do not approve this under the xeon_asr listing unless the registry metadata, slug, package contents, and user-facing description are reconciled.
Starting or stopping this skill could disrupt other local skills, gateways, or applications.
This process-kill pattern is not scoped to this skill's server path or PID and could terminate unrelated Node.js services named server.js.
pkill -f "node.*server.js" 2>/dev/null || true
Replace broad pkill usage with PID-file, port-specific, or full-path-scoped process management.
A compromised or changed upstream installer/package could execute code during setup.
The installer downloads and executes a remote installer without an artifact-pinned checksum; the same setup flow also installs external packages/models.
wget --timeout=120 -q "$conda_url" -O /tmp/miniconda.sh || curl -fsSL ...; bash /tmp/miniconda.sh
Pin versions, verify checksums/signatures, and document all external installation sources before installation.
The TTS services may continue running after installation and restart after crashes or login unless explicitly disabled.
The skill installs persistent user-level services that start immediately and restart automatically.
Restart=always ... systemctl --user enable --now "$TTS_UNIT_NAME"
Require clear user approval for persistence and provide a disable/uninstall command using systemctl --user disable --now.
Installing may alter system packages, not just files inside the skill directory.
The installer may use sudo to install OS packages, which is a privileged local environment change not reflected in the registry requirements.
$SUDO apt-get install -y wget curl git lsof net-tools unzip bzip2 ca-certificates ffmpeg
Review the dependency installation step and use --skip-deps or a manual package install path if you do not want the skill invoking sudo.
Voice reference files, generated audio paths, and workflow state can remain locally available and influence later clone/TTS steps.
The workflow persists per-session state and file paths for reference audio and generated outputs.
sessionStateFile: './runtime/session_state.json' ... referenceAudioPath: null ... lastOutputPath: null
Confirm the 7-day retention behavior is acceptable, restrict file permissions, and clear runtime/references/outputs when no longer needed.