Skillv1.0.1

ClawScan security

Willow Inference Server · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 16, 2026, 3:35 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements and instructions match its purpose (running a local Willow ASR/TTS server); nothing requested is out-of-scope, but the setup involves cloning and running third‑party install scripts so inspect those before executing them on your machine.
Guidance: This skill appears coherent for running and using a local Willow ASR/TTS server. Before installing or running anything: 1) review the GitHub repository and the contents of utils.sh and any install scripts to ensure they do only what you expect; 2) run the install in a sandboxed VM or container if you cannot audit the scripts; 3) be careful when generating and installing TLS certificates—use proper hostnames and protect private keys; 4) do not point the agent or other services to the server if you intend it to remain local without network exposure; and 5) note minor endpoint examples (/api/asr vs /asr) in the docs—verify the actual API paths after starting the server.

Review Dimensions

Purpose & Capability: okName/description (local ASR/TTS inference server) aligns with the instructions: it tells you how to run a Willow Inference Server and how to call ASR/TTS endpoints. The resources it asks for (WILLOW_BASE_URL) are appropriate and limited.
Instruction Scope: noteSKILL.md stays within the stated domain (starting the server, setting WILLOW_BASE_URL, and using /asr and /tts endpoints). Minor inconsistencies exist in example endpoint paths (/api/asr vs /asr) and some curl examples vary; otherwise the instructions do not request unrelated files, credentials, or data exfiltration. The guidance to run ./utils.sh install/gen-cert/run is standard for installing a server but grants those scripts full control during setup—inspect them before running.
Install Mechanism: noteThis is an instruction-only skill (no install spec). It directs users to clone a GitHub repo (a known host). Cloning and running repository-provided install scripts (./utils.sh install) is expected here but has moderate risk because those scripts may execute arbitrary operations on the host; prefer reviewing the repo or running in an isolated environment.
Credentials: okNo credentials or sensitive environment variables are required. The only recommended variable (WILLOW_BASE_URL) is proportional and directly relevant to connecting to the local server.
Persistence & Privilege: okThe skill does not request permanent presence (always: false), does not modify other skills, and requires no special agent-wide privileges. Autonomous invocation is allowed by platform default but is not combined with other high-risk factors here.