Back to skill
Skillv1.1.1
ClawScan security
Asr Claw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 13, 2026, 4:21 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill generally matches its stated purpose (audio transcription) but the runtime instructions contain inconsistencies and undeclared behaviors (auto-downloads, large model installs, and use of cloud API keys) that the registry metadata didn't declare — you should review what will be downloaded and what credentials you supply before installing.
- Guidance
- This skill appears to be a legitimate speech-to-text tool, but before installing you should: (1) verify the binary release and checksum on the GitHub repo (prefer a pinned release rather than 'latest'), (2) be prepared for large model downloads (GBs) and possible local builds, (3) only provide cloud API keys (OpenAI/Deepgram/Doubao) if you trust the service and the plugin, (4) avoid pointing model_path to directories with sensitive files, and (5) confirm whether the platform will actually perform the auto-download/installation described in SKILL.md since the registry metadata omitted an install spec. If you need higher assurance, run the plugin in an isolated environment or review the released binary artifact contents first.
Review Dimensions
- Purpose & Capability
- noteThe name/description (ASR CLI for transcription) aligns with the commands and engines listed. Requiring an asr-claw binary and supporting local/cloud ASR engines is expected. However, the registry metadata claims 'no install spec' while the SKILL.md includes an install block (download from GitHub releases) and auto-install behavior, which is an inconsistency worth noting.
- Instruction Scope
- concernSKILL.md instructs the agent to download/run binaries, install large local models (~1.9–3.4GB), read/write settings in ~/.asr-claw/config.yaml, and use cloud APIs. It also shows examples that rely on OPENAI_API_KEY, DEEPGRAM_API_KEY, DOUBAO_API_KEY and other env vars — but those credentials are not declared in the registry metadata. The instructions allow pointing model_path at arbitrary local directories, which grants the skill access to user files in that path. These behaviors expand the runtime scope beyond what the registry summary stated.
- Install Mechanism
- noteSKILL.md specifies a download from GitHub releases (https://github.com/llm-net/asr-claw/releases/latest/download/...), dest bin/asr-claw, and a checksum_url. GitHub releases is a normal source, and a checksum is provided, but the use of the 'latest' release (rather than a pinned version) increases upgrade/attack surface. The registry itself omitted an install spec even though SKILL.md contains one — an inconsistency to verify.
- Credentials
- concernCloud-engine examples require provider API keys (OpenAI, Deepgram, Doubao) which are reasonable for cloud transcription, but the registry lists no required env vars. The SKILL.md therefore expects undeclared credentials. Also the settings allow specifying arbitrary model_path and binary_path locations, which can expose local filesystem contents if misused. The requested access is plausible but not properly declared.
- Persistence & Privilege
- okThe skill is not marked 'always:true' and does not request system-wide privileges. It may create files under its own plugin directory and ~/.asr-claw (configs and models) as part of normal operation, which is expected for a local ASR tool.