Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Audio Analyze

High-performance audio transcription and analysis using Gemini 3.1 Pro. Powered by Evolink.ai

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 24 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The declared purpose (audio transcription via Evolink/Gemini) matches the code: scripts/transcribe.sh base64-encodes audio and posts it to api.evolink.ai. However, the registry-level metadata you provided earlier lists no required env vars, while SKILL.md, _meta.json and the scripts all require EVOLINK_API_KEY (and optionally EVOLINK_MODEL). That mismatch is misleading.
[!] Instruction Scope
SKILL.md instructs users to set EVOLINK_API_KEY and run scripts/transcribe.sh (appropriate for the stated purpose). But the repo also contains translate_readme.py which will read README.md and POST it to the same external API (using EVOLINK_API_KEY) and then overwrite README.<lang>.md files — this behavior is not documented in SKILL.md and could leak README content and silently overwrite files. The transcribe script sends entire audio contents to a remote endpoint (expected for cloud transcription) — verify that's acceptable for your data sensitivity.
Install Mechanism
There is no automatic install spec (instruction-only style); dependencies are minimal (requirements.txt lists requests). No arbitrary binary downloads or obscure URLs are used. Installation is manual (pip install -r requirements.txt) which is low to moderate risk and inspectable.
[!] Credentials
The skill requires a single external API credential (EVOLINK_API_KEY), which is proportionate to cloud transcription. However the top-level metadata you provided earlier claimed 'Required env vars: none' while both SKILL.md and _meta.json list EVOLINK_API_KEY — that inconsistency is concerning because it can lead users to unknowingly expose a credential. translate_readme.py also reads the same env var and will send repository content to the external service.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent config. It writes translation files to the local workspace when translate_readme.py is run, but otherwise does not request elevated or persistent privileges.
What to consider before installing
This skill appears to implement cloud transcription via Evolink (sending audio data to https://api.evolink.ai), which is consistent with its description, but take these precautions before installing:

  • Expect to provide EVOLINK_API_KEY; do not supply high-privilege or unrelated secrets. The registry metadata appears to omit this requirement, so assume the key is required.
  • The transcribe script will upload the entire audio file to Evolink. Do not use it with sensitive audio unless you accept sending that data to an external service and have verified Evolink's privacy/security posture.
  • translate_readme.py will call the same API to translate and will overwrite README.<lang>.md files in the workspace. If you don't want repository content sent or overwritten, do not run that script or inspect/modify it first.
  • If you need assurance, request clarification from the publisher (EvoLinkAI) and ask them to fix the metadata inconsistency and to document/remove translate_readme.py or make it opt-in. Run the skill in an isolated environment or container and inspect network traffic if you must verify behavior.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.7
latestvk97esdgxgms97rc9tsdkrnjf5983w9f2

SKILL.md

Audio Analyze

Transcribe and analyze audio/video content with high accuracy. Powered by Evolink.ai

When to Use

  • Transcribing meeting recordings.
  • Analyzing audio file structure (music/speech).
  • Extracting text from long-form audio.

Quick Start

export EVOLINK_API_KEY="your-key-here"
./scripts/transcribe.sh audio.mp3

Configuration

  • EVOLINK_API_KEY (Required): Your API key from Evolink.
  • EVOLINK_MODEL (Optional): Default: gemini-3.1-pro-preview-customtools.
  • Binaries required: python3, curl.

Example

Input: https://evolink.ai/blog/example-audio.mp3
Output: TL;DR: Summary...

Security

  • Data is encrypted and transmitted securely to api.evolink.ai.
  • No local sensitive files are accessed outside the workspace.
