Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aliyun Asr

v1.0.10

Pure Aliyun ASR skill for voice message transcription, supports multiple channels including Feishu

by Jixson (@jixsonwang)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code: the Python code calls Aliyun NLS endpoints to convert audio to text. However, the metadata claimed no required config paths or credentials while the implementation requires a settings file at /root/.openclaw/aliyun-asr-config.json containing AccessKeyId/Secret and app_key. The use of ffmpeg for format conversion is present in code but not declared in required binaries. These gaps are inconsistent with the published metadata/README.
Instruction Scope
SKILL.md asserts "automatic integration, no additional configuration" and "no data storage," yet runtime instructions and code require creating a config file with credentials under /root/.openclaw and advise chmod 600. The code will read that file and exit if missing. The handler also invokes ffmpeg via subprocess to convert OGG→WAV, and posts raw audio bytes to Aliyun endpoints. The README's automatic/zero-config claim is therefore misleading and grants the skill implicit access to a sensitive on-disk config path.
Install Mechanism
No install spec (instruction-only installer) — lower risk because nothing is auto-downloaded. The package includes Python code and declares dependency on the requests Python package in the README. However, ffmpeg is invoked at runtime but not listed as a required binary. There is also an empty index.js/package.json present (benign but unnecessary).
Credentials
The skill does not request environment variables but requires permanent credentials stored in a local JSON config file (access_key_id and access_key_secret). Those credentials are appropriate for calling Aliyun ASR, but storing them in /root/.openclaw implies the skill expects root-level file access. The number/type of secrets (Aliyun keys) is proportionate to the stated purpose, but the mismatch between declared/actual config requirements and use of a root path is concerning.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system-wide settings. It runs as an on-demand handler and prints or returns recognized text. No indications of privileged persistence beyond reading the expected config file.
What to consider before installing
This skill's code implements Aliyun ASR and calls official Aliyun endpoints, but there are important inconsistencies you should consider before installing:

- The README's "no extra configuration" claim is false: you must create /root/.openclaw/aliyun-asr-config.json containing your Aliyun access_key_id/access_key_secret and app_key. The registry metadata did not declare this config path. Confirm you are comfortable storing credentials on disk at that location and that the agent process has permission to read it.
- The code invokes ffmpeg for OGG→WAV conversion, but ffmpeg is not listed as a required binary. Ensure ffmpeg is available and that calling subprocesses is acceptable in your environment.
- The skill posts raw audio bytes to Aliyun NLS endpoints (expected for ASR). There are no hidden external endpoints in the code, which is good, but review the code yourself if you don't fully trust the author.
- Prefer creating a least-privilege RAM subuser as recommended, and set strict file permissions (chmod 600) on the config file. Consider running the agent under a non-root account and placing the config in a non-root path, or update the code to allow a configurable config path.

If you need this functionality and are comfortable with the above, the implementation is plausible. If you cannot or will not store cloud credentials on disk at /root, or cannot allow subprocess calls, do not install. If uncertain, ask the author to (1) declare the config path in metadata, (2) allow a config path override via an environment variable, and (3) declare ffmpeg as a required binary.



Runtime requirements

🎙️ Clawdis
Bins: python3
