ClawHub

midasheng-audio-tagging

v1.0.0

Audio tagging service for environmental sound recognition. Use when user needs to identify environmental sounds in audio files (water sounds, snoring, etc.)...

0· 95·0 current·0 all-time
byJunbo Zhang@jimbozhang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, and the included script all describe and implement an audio-tagging client that uploads audio to a remote tagging API and checks queue metrics. The required capabilities align with the stated purpose.
Instruction Scope
The instructions and script are narrowly scoped to two actions: POST a multipart file to the tagging endpoint and POST to the metrics endpoint. However, both actions transmit user audio (or contact the service) over the network to https://llmplus.ai.xiaomi.com; the SKILL.md and code do not warn about privacy/PII implications. No other local files, credentials, or unrelated system state are read.
Install Mechanism
This is an instruction-only skill with a single Python script and no install spec. Nothing is downloaded or installed by the skill itself. The only runtime dependency is the 'requests' Python library (not declared), which is a minor packaging mismatch but not a security problem.
Credentials
The skill requests no environment variables or credentials (proportional). The main risk is data exposure: it sends user audio files to an external service (Xiaomi domain). Users should evaluate whether they are comfortable uploading potentially sensitive audio to that endpoint and confirm the service's privacy/legal policies.
Persistence & Privilege
The skill does not request persistent or privileged presence (always=false). It does not modify other skills or system configuration and does not require special privileges.
Assessment
This skill appears to be what it says: a client that uploads audio files to a remote tagging API. Before installing or using it, consider the following: - Privacy: Using the skill will upload audio files to https://llmplus.ai.xiaomi.com. Do not upload audio containing sensitive personal data, private conversations, or recordings you do not own or have permission to share. - Trust & policy: Verify who runs the endpoint and review their privacy policy and retention practices if you plan to send real data. - Local testing: Test with non-sensitive sample audio first to confirm behavior and outputs. - Dependency: The script uses the Python 'requests' library; ensure your runtime environment has it installed. - Alternate endpoints: The script allows overriding the API URL; if you have an on-prem or trusted tagging service, pass that URL instead to avoid sending data to the default remote service. If you need the skill to run without sending data externally, consider using or requesting a version that performs tagging locally or points to a self-hosted inference endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk97chpckdn8rmhdx32a5b2yekh837qsx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments