speech-recognition
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Audio files you ask it to transcribe can leave your device/account environment and be processed by SiliconFlow.
The skill explicitly sends audio to an external transcription provider; this is central to the purpose and disclosed, but audio may contain private speech.
POST https://api.siliconflow.cn/v1/audio/transcriptions ... 隐私:音频会上传到硅基流动服务器
Use it only for audio you are comfortable sending to SiliconFlow, and check the provider's privacy/retention terms for sensitive recordings.
Anyone who can access the configured API key could use your SiliconFlow account quota or permissions.
The skill needs a SiliconFlow bearer token from local configuration or an environment variable; this is expected for the API integration, but it is a credential users must protect.
在 `~/.openclaw/openclaw.json` 中配置: ... "apiKey": "sk-xxx" ... api_key = os.environ.get('SILICONFLOW_API_KEY')Store the key only in the intended OpenClaw config or environment, use a dedicated/revocable key if possible, and do not paste real keys into chats or shared files.
Running the documented conversion may overwrite the named temporary output and requires local command execution.
The instructions include local FFmpeg and Python command examples to convert and submit audio. These commands are purpose-aligned and not hidden, but they depend on local tools and write a fixed temporary output.
ffmpeg -i /path/to/audio.ogg -ar 16000 -ac 1 /tmp/audio.mp3 -y ... python3 -c "import requests ..."
Run commands only for audio files you intend to transcribe, avoid reusing sensitive fixed temp paths, and ensure ffmpeg/python dependencies are trusted.