Skill v1.0.6

ClawScan security

Fun ASR Nano Transcribe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review
Mar 14, 2026, 3:37 PM
Verdict
Review
Confidence
medium
Model
gpt-5-mini
Summary
The package is a coherent offline-capable Chinese ASR skill, but its runtime instructions include automatic service startup and an API endpoint that can transcribe arbitrary local file paths — behaviors you should review before installing or running on sensitive systems.
Guidance
This skill appears to implement what it claims (local ASR), but it contains two behaviors you should consciously accept before installing or running it:
(1) Automatic service startup and automatic-transcription rules in SKILL.md that let the agent start a persistent FastAPI server without an explicit per-use prompt.
(2) An API endpoint (/transcribe/path) that will open and transcribe any local file path it is given.
Recommendations:
(a) Review and, if needed, remove or modify the automatic-start/automatic-transcription logic before enabling autonomous use.
(b) If you run it, do so on a machine where reading arbitrary files is acceptable (not on systems holding sensitive recordings or secrets).
(c) Keep the service on localhost-only networking (it already binds to 127.0.0.1 by default) and do not expose it to untrusted networks. A localhost bind limits who can reach the port; it does not limit which files the endpoint will read once reached.
(d) Inspect and, if desired, remove the /transcribe/path endpoint, or restrict it to specific directories so it cannot open files outside an allowlist.
(e) For stronger containment, run it inside a sandboxed VM or container, and review the log (/tmp/funasr_api.log) and the PID file.
(f) If you download the model via ModelScope, be aware that this uses network access and may require credentials for private models.
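Recommendation (d) says to restrict /transcribe/path to specific directories. The block below is an added example of what that restriction looks like; it is not the skill's own code, and it assumes only that the endpoint receives a caller-supplied path string and opens it. The guard canonicalises the path (following symlinks and collapsing ".."), checks that the real file lies under one allowed root, and accepts only regular files with an audio extension. The demo() function builds a throwaway directory layout (constructed sample data) to show which requests are accepted and which are rejected. FastAPI is deliberately not imported so the example runs without it installed.

```python
"""Confine a caller-supplied path to an allowlisted directory before opening it.

Added example, not the skill's code. Assumes the /transcribe/path handler
receives a path string; it should call resolve_allowed_path() before open().
"""
import os
import tempfile
from pathlib import Path

# Assumed allowlist of audio extensions; adjust to what the model actually accepts.
AUDIO_SUFFIXES = frozenset({".wav", ".mp3", ".flac", ".m4a", ".ogg"})


class PathNotAllowed(ValueError):
    """Requested path is outside the allowed root, not a regular file, or not audio."""


def resolve_allowed_path(allowed_root, requested):
    """Return the canonical path for `requested` if it is an audio file under allowed_root.

    resolve(strict=True) follows symlinks and collapses '..', so the containment
    test is done on the real location of the file, not on the string the caller sent.
    Relative requests are interpreted relative to the allowed root; absolute
    requests are accepted only if they still land under the root.
    """
    root = Path(allowed_root).resolve(strict=True)
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root / candidate
    try:
        real = candidate.resolve(strict=True)
    except (FileNotFoundError, RuntimeError):  # RuntimeError: symlink loop
        raise PathNotAllowed(f"not found: {requested}")
    if root not in real.parents:
        raise PathNotAllowed(f"outside allowed root: {requested}")
    if not real.is_file():
        raise PathNotAllowed(f"not a regular file: {requested}")
    if real.suffix.lower() not in AUDIO_SUFFIXES:
        raise PathNotAllowed(f"not an audio file: {requested}")
    return real


def demo():
    """Exercise the guard against a constructed layout and report accept/reject per case.

    allowed/ok.wav       regular audio file inside the root   -> accepted
    allowed/notes.txt    inside the root but not audio        -> rejected
    allowed/escape.wav   symlink to outside/secret.wav        -> rejected
    outside/secret.wav   reachable via '..' or absolute path  -> rejected
    """
    with tempfile.TemporaryDirectory() as tmp:
        allowed = Path(tmp) / "allowed"
        outside = Path(tmp) / "outside"
        allowed.mkdir()
        outside.mkdir()
        (allowed / "ok.wav").write_bytes(b"RIFF....WAVE")       # placeholder bytes, not real audio
        (allowed / "notes.txt").write_text("not audio")
        (outside / "secret.wav").write_bytes(b"RIFF....WAVE")
        os.symlink(outside / "secret.wav", allowed / "escape.wav")

        cases = {
            "inside": "ok.wav",
            "wrong_type": "notes.txt",
            "symlink_escape": "escape.wav",
            "traversal": "../outside/secret.wav",
            "absolute_outside": str(outside / "secret.wav"),
        }
        results = {}
        for label, request in cases.items():
            try:
                resolve_allowed_path(allowed, request)
                results[label] = "accepted"
            except PathNotAllowed:
                results[label] = "rejected"
        return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:18} {outcome}")
```

In the FastAPI handler the call would be `audio = resolve_allowed_path(ALLOWED_DIR, body.path)` with `PathNotAllowed` mapped to an HTTP 400, and only the returned `audio` path handed to the model. Binding the server to 127.0.0.1 does not make this check redundant: the request that reaches the endpoint comes from the agent on the same host, so the file allowlist is what bounds what can be read.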

Review Dimensions

Purpose & Capability
[ok] Name/description, included code, and dependencies align: this is an ASR transcribe skill (local model, CLI and FastAPI server, model management scripts). The provided files (transcribe, FastAPI, download/verify scripts) are appropriate for the stated purpose.
Instruction Scope
[concern] SKILL.md and the code instruct the agent to auto-start a FastAPI service and to transcribe automatically whenever only audio is received. The API exposes a /transcribe/path endpoint that reads whatever local filesystem path the caller supplies and transcribes it, so the skill can reach any file the service process can read. The auto-start/automatic-transcription rules give the agent discretion to run persistent services and process user files without explicit per-file confirmation, which broadens the skill's operational scope well beyond a single-use CLI.
Install Mechanism
[note] The skill is instruction-only (no platform install spec) but includes setup_venv.sh, which installs dependencies (torch, funasr, modelscope, etc.) via pip using PyTorch's CPU wheel index. That is expected for a local model skill; nothing is downloaded from obscure URLs. Model acquisition can optionally call ModelScope (network access).
Credentials
[ok] The skill does not request credentials or extra environment variables in its metadata. It sets a local FUNASR_DEVICE env var at runtime for device selection, which is appropriate. There are no unrelated or unexplained secret/env requirements.
Persistence & Privilege
[concern] The always flag is false (good). However, the skill is explicitly designed to run a persistent local FastAPI server (start_server.sh, api_client auto-launch via nohup, PID file in /tmp), and SKILL.md instructs the agent to auto-start the service under some conversational conditions. A persistent local service plus automatic startup increases the practical blast radius (the model process stays running and able to read local files) and therefore warrants user attention.