Skill v1.0.0

ClawScan security

iFlytek ASR - 讯飞语音转文字 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 10:01 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what it claims (download YouTube audio and upload audio to iFlytek ASR) but the package/metadata omit required credentials and binaries, and some behaviors (skipping certificate checks, uploading full audio to an external endpoint) deserve user review before installing.
Guidance
What to check before installing

1) Metadata mismatch: The registry entry says no credentials or required binaries, but the code and SKILL.md require three XFYUN credentials and the yt-dlp/ffprobe binaries. Treat the metadata omission as a red flag: confirm the author/source before proceeding.
2) Audio upload / privacy: The scripts upload entire audio files to an external API (BASE_URL=https://office-api-ist-dx.iflyaisol.com). This is expected for a cloud ASR, but you should only transcribe audio you are comfortable uploading. Verify the endpoint is an official iFlytek domain and check the vendor's privacy/retention policy if you have sensitive audio.
3) TLS bypass in downloads: The yt-dlp commands include --no-check-certificates. This disables certificate verification for downloads and can expose you to MITM attacks when downloading audio. Consider removing that flag or running yt-dlp without it.
4) Required local binaries: Ensure yt-dlp and ffprobe (from ffmpeg) are installed and come from trusted sources. The code falls back to a filesize-based duration estimate if ffprobe is missing, but accurate duration detection relies on ffprobe.
5) Secrets handling: The install scripts copy .env.example to .env; do not commit or share .env. Inspect the code to ensure no hardcoded keys are present (the package appears to follow that guideline).
6) Source trust: The skill owner and homepage are unknown. If you do not trust the source, run the scripts in an isolated VM/container, audit network endpoints, or prefer an offline transcription alternative (e.g., local Whisper) for sensitive content.

If you decide to proceed: inspect/validate BASE_URL (DNS/ownership), remove/avoid --no-check-certificates, supply credentials only in a local .env, and run first with non-sensitive test audio.

Review Dimensions

Purpose & Capability
concern: Name and description describe a cloud ASR skill and the code implements that. However, the registry metadata claims no required environment variables or primary credential, while the SKILL.md and scripts clearly require XFYUN_APP_ID, XFYUN_ACCESS_KEY_ID, and XFYUN_ACCESS_KEY_SECRET. The metadata also lists no required binaries, but the scripts call external binaries (yt-dlp and ffprobe). This mismatch between claimed metadata and actual requirements is incoherent and should be corrected/clarified.
Instruction Scope
note: Runtime instructions and scripts are focused on the stated purpose: downloading audio (yt-dlp) and uploading audio to an iFlytek API for transcription. That said, the scripts will upload entire audio files (potentially sensitive) to an external endpoint (BASE_URL = https://office-api-ist-dx.iflyaisol.com), which is expected for cloud ASR but important to surface to users. Also, the download scripts pass --no-check-certificates to yt-dlp, which weakens TLS validation for downloads and is a security concern.
Install Mechanism
note: There is no formal registry install spec, but the repo includes install.sh that runs pip3 install -r requirements.txt. The dependencies (yt-dlp, requests, python-dotenv) are reasonable for the task. No high-risk remote binary downloads or obfuscated installers are present. The presence of packaging and install scripts in the bundle is expected, but the registry metadata not reflecting required env vars/binaries is inconsistent.
Credentials
concern: The code needs three sensitive environment values (XFYUN_APP_ID, XFYUN_ACCESS_KEY_ID, XFYUN_ACCESS_KEY_SECRET) to operate, yet the registry metadata declares none and the primary credential is unset. Requesting these secrets is proportionate to a cloud ASR service, but the omission from metadata is a transparency problem. No other unrelated secrets are requested.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills, and its install script only installs Python packages and creates a .env from a template. It does write downloaded audio and transcript files to disk (as expected) but does not request elevated system privileges.