Qwen ASR

The skill provides local speech-to-text by downloading a pre-compiled binary from a third-party GitHub repository (huanglizhuo/QwenASR) and a 1.5GB model from HuggingFace. While these actions are aligned with the stated purpose of the tool, downloading and executing unverified binaries from external sources is a high-risk capability. The scripts (install.sh and transcribe.sh) are functionally sound and do not show signs of intentional malice, data exfiltration, or prompt injection.