Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Azure Speech Service
v1.0.2Azure Speech Service integration. Manage data, records, and automate workflows. Use when the user wants to interact with Azure Speech Service data.
⭐ 0· 70·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Azure Speech Service integration) matches the instructions (using Membrane CLI to call Azure Speech APIs and run related actions). The skill does not request unrelated permissions or credentials. Minor mismatch: registry metadata lists no required binaries or env vars, but SKILL.md explicitly requires the Membrane CLI, npm, network access, and a Membrane account.
Instruction Scope
SKILL.md confines runtime actions to installing/using the Membrane CLI, logging in (browser or headless flow), creating connections, listing/running actions, and proxying requests to Azure Speech Service. There are no instructions to read unrelated local files, exfiltrate data to unexpected endpoints, or access system paths beyond standard CLI usage. The proxy feature allows arbitrary API calls to Azure (expected for an integration), so the agent could send any Azure Speech API request via Membrane if asked.
Install Mechanism
No platform install spec is embedded in the skill (instruction-only). SKILL.md instructs installing @membranehq/cli via npm (-g), which is a typical but non-zero-risk operation because it downloads and runs third-party code from the npm registry. This is proportionate to the described integration but is a trust decision: the Membrane CLI will be able to manage/authenticate to services on the user's behalf.
Credentials
The skill declares no required env vars, and SKILL.md relies on Membrane to handle authentication, so it does not directly ask for Azure credentials. This is coherent, but it means the Membrane CLI will hold tokens/credentials; users should consider whether they trust that third party with those credentials. No unrelated secrets are requested.
Persistence & Privilege
always:false and autonomous model invocation is allowed by default (normal). The skill does not request permanent platform-wide privileges. The only persistent change implied is Membrane CLI authentication state (its own config/token storage), which is expected for a CLI-based integration.
Assessment
This skill is an instruction-only integration that uses the third-party Membrane CLI to manage Azure Speech Service on your behalf. Before installing or using it: 1) Confirm you trust the @membranehq/cli npm package (review its npm page, source repo, and permissions), because it will hold and refresh your service credentials. 2) Be aware the SKILL.md expects Node/npm, network access, and a Membrane account even though the registry metadata didn't list these—install and run commands manually if you prefer to verify behavior. 3) If you need stronger guarantees, consider using official Azure tooling (Azure CLI or SDK) instead of a proxy service. 4) Avoid running this in highly sensitive environments until you’ve audited the Membrane CLI and its authentication flows.Like a lobster shell, security has layers — review code before you run it.
latestvk9744mcbnbajwp1nmh7p8svamx843842
License
MIT-0
Free to use, modify, and redistribute. No attribution required.