Back to skill

Security audit

Qwen ASR

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local speech-to-text tool, with the main caveat that installation downloads an external executable and model without checksum verification.

Install only if you trust the upstream QwenASR release and HuggingFace model source. The setup will place an executable in ~/.local/bin and a large model under ~/.openclaw/tools; consider verifying the release manually if your environment requires strict supply-chain controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes shell scripts for installation and transcription, but it does not declare corresponding permissions. That creates a trust and policy gap: users or orchestrators may treat the skill as lower risk than it is, while it can download and execute external binaries and process local files via shell commands. In this context, the danger is increased because installation explicitly pulls artifacts from GitHub Releases and HuggingFace, expanding supply-chain exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documentation does not prominently warn that installation downloads a pre-built executable from GitHub Releases and a large model from HuggingFace. Users may initiate installation without understanding the external network access, supply-chain risk, storage impact, or trust assumptions, which is especially relevant for a local/offline-branded skill.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.