Volcengine Ata Subtitle
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to do what it says—subtitle alignment through Volcengine—but it uses service credentials and sends the selected audio/text to an external API.
Before installing, confirm you are comfortable sending the chosen audio and transcript to Volcengine, keep the API base URL pointed at a trusted endpoint, store the access token/config file securely, and avoid adding the secret_key unless the provider workflow truly requires it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private audio or transcript content may be processed by Volcengine or any configured API base URL.
The selected audio and transcript are sent to the configured ATA API endpoint. This is central to the skill's purpose, but users should understand that media/text content leaves the local machine.
payload = { ... "audio": audio_data, "text": text, ... }; response = requests.post(url, json=payload, headers=headers)Use only with files you are comfortable sending to the provider, and keep VOLC_ATA_API_BASE/base_url set to the official Volcengine endpoint unless you intentionally use another trusted endpoint.
Anyone who obtains the token could potentially use the user's Volcengine speech API access.
The tool uses a Volcengine access token to authenticate API calls. This is expected for the integration, but the token is a sensitive credential.
self.token = token or os.environ.get('VOLC_ATA_TOKEN') ...; "Authorization": f"Bearer; {self.token}"Store the token securely, avoid sharing config files or command histories containing tokens, and rotate the token if it is exposed.
An unnecessary secret stored in ~/.volcengine_ata.conf could increase the impact if that local config file is exposed.
The config example asks for a secret_key, while the visible code authenticates with appid/access_token. This may lead users to store an extra sensitive credential locally even if it is not needed.
secret_key = your-secret-key
Only place credentials required for the actual workflow in the config file, and restrict permissions on any credential file.
Future installs may use a different requests version than the author tested.
The dependency is listed without a pinned version. It is a common and purpose-aligned dependency for HTTP API calls, but unpinned packages leave installation dependent on whatever version is resolved later.
"dependencies": ["requests"]
Prefer pinned or otherwise controlled dependency installation when packaging or deploying this skill.