Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Feishu Optimizer
v1.0.0提供语音识别、多语言支持及消息格式化,优化 OpenClaw 在飞书平台上的语音与文本消息处理和智能回复体验。
⭐ 0· 558·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (voice recognition, multi-language, message formatting) match the provided files and instructions. Declared dependencies (SpeechRecognition, pydub) and Python usage are appropriate and proportionate for the stated functionality. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs installing SpeechRecognition and pydub and running the included Python scripts (absolute workspace paths). The runtime code only reads the audio file or message data supplied as the script argument and formats the recognized text. Important privacy note: the code uses speech_recognition.recognize_google(), which transmits audio data to Google's web API (the SKILL.md mentions network access for Google SR in troubleshooting but does not explicitly describe external transmission or retention).
Install Mechanism
There is no registry install spec; SKILL.md recommends pip3 install of well-known packages from PyPI (SpeechRecognition, pydub). This is a common, expected approach (moderate risk typical of pip installs); no downloads from unknown URLs or archive extraction are present.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. That is proportionate. The only external dependency is the Google Speech Recognition web service (no API key used), so the main non-local exposure is network transmission of audio to Google.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and is instruction-only with two local Python modules. It runs only when invoked and does not request elevated or persistent privileges.
Assessment
This skill appears to do what it says: convert audio to text and format replies. Before installing: (1) be aware audio is sent to Google's speech recognition service (network transmission of content — avoid sending sensitive audio), (2) install the Python packages in an isolated virtualenv rather than system-wide, (3) review the two Python files (they are short and readable) and avoid running the scripts on untrusted audio paths, (4) if you need an offline-only option for privacy, consider replacing the recognizer with an offline engine (e.g., VOSK) or request a version that supports local models, and (5) pin package versions and run in a sandboxed environment if you have elevated security concerns.Like a lobster shell, security has layers — review code before you run it.
latestvk977rx8dce70037needmqnr8p581maye
License
MIT-0
Free to use, modify, and redistribute. No attribution required.