Skill v1.0.0
ClawScan security
douyindownloadwhisper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 25, 2026, 2:17 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The documentation and registry claim a local-only Whisper + built-in-LLM tool with no required credentials, but the included code reaches out to third‑party APIs and references API keys that are not declared—this mismatch is a red flag.
- Guidance
- Do not install or run this skill without understanding and consenting to its network behavior. Specific points to consider before using: (1) the documentation claims local-only processing, but the code will contact api.siliconflow.cn and api.minimaxi.com and can upload audio/text—this is not documented and requires API keys. (2) If you must use it, inspect the entire douyin.js file end-to-end (the snippet is truncated) to find all endpoints and data flows, and confirm what is sent. (3) If you want purely local processing, modify the script to remove external API calls (delete or disable SiliconFlow/MiniMax calls and the related env-var checks) and ensure Whisper runs fully locally. (4) Run the script in an isolated environment (VM or sandbox) and monitor outbound network connections before providing any API keys or running on sensitive data. (5) The SKILL.md also contains malformed example paths—verify and correct them to avoid accidental behavior. If the author can confirm the code will not send audio/text to third parties and update SKILL.md to declare required env vars and endpoints, the assessment could change to benign.
Review Dimensions
- Purpose & Capability
- concern: The skill's stated purpose (download Douyin videos, local Whisper transcription, and OpenClaw-built-in LLM segmentation) is plausible, but the code includes calls to external services (api.siliconflow.cn and api.minimaxi.com) and mentions environment variables (SILI_FLOW_API_KEY, MINIMAX_API_KEY) that are not declared anywhere in the SKILL.md or registry metadata. The presence of external-API integration is not explained by the description and is disproportionate to the 'local-only' claim.
- Instruction Scope
- concern: SKILL.md instructs local execution (Whisper and ffmpeg) and says segmentation uses the OpenClaw built-in LLM, but the code actually invokes external endpoints (MiniMax via curl, likely SiliconFlow) and will upload/POST data (audio/text) to third parties if API keys are present. The runtime docs omit these network behaviors and the environment variables the code expects. There are also odd/malformed example paths in SKILL.md (missing path separators) that may cause unexpected behavior.
- Install Mechanism
- note: There is no install spec (instruction-only), which is lower risk; however, the code itself spawns external programs (ffmpeg, whisper, curl) and will automatically trigger network activity (Whisper may auto-download models, the script calls external APIs). Lack of an install step reduces installer risk but does not prevent the script from performing network I/O at runtime.
- Credentials
- concern: Registry and SKILL.md state no required environment variables, but the code uses and documents SILI_FLOW_API_KEY and MINIMAX_API_KEY (plus behavior that falls back to process.env). Requiring API keys for third-party transcription/segmentation is not justified in the public docs and increases the risk of sensitive data (audio/transcripts) being sent to external services.
- Persistence & Privilege
- ok: The skill is not marked always:true and does not request permanent platform privileges. It appears to be a normal, user-invoked skill; no evidence it modifies other skills or system-wide configs was found in the provided portion of code.
