Env credential access
- Finding: Environment variable access combined with network send.
- Content: const apiKey = api.pluginConfig?.apiKey || process.env.MIMO_API_KEY;
Security checks across static analysis, malware telemetry, and agentic risk
This plugin appears to do the advertised speech-to-text job, but it reads the selected local audio file and sends it, together with the MiMo API key in a request header, to the configured endpoint (the official MiMo API by default), so users should configure it carefully.
This looks like a normal API-backed speech-to-text plugin. Before enabling it, confirm you trust the configured MiMo endpoint, provide a dedicated API key if possible, and only let it process audio files you intend to upload for transcription.
const apiKey = api.pluginConfig?.apiKey || process.env.MIMO_API_KEY;
const KEY = process.env.MIMO_API_KEY;
const apiKey = [REDACTED]?.apiKey || process.env.MIMO_API_KEY;
VirusTotal engine telemetry is currently stale for this artifact.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user passes the wrong path, the plugin could upload a non-audio or unintended local file to the configured STT endpoint.
The tool caller supplies a local path that the plugin reads and transcribes. This is expected for speech-to-text, but there is no artifact evidence of path, file type, or size enforcement.
filePath: Type.String({ description: "Local path of the audio file" }) ... readFileSync(params.filePath); ... const result = await transcribe(params.filePath);
Use the tool only with intended audio attachments; the publisher should restrict paths to OpenClaw-provided audio files and validate extension, MIME type and size.
Your MiMo API key is used by this plugin to make transcription requests.
The plugin uses a MiMo API credential and sends it as an API header to the configured endpoint. This is necessary for the integration and is described in the configuration section.
const apiKey = api.pluginConfig?.apiKey || process.env.MIMO_API_KEY; ... headers: { "Content-Type": "application/json", "api-key": apiKey }
Use a dedicated MiMo API key if possible, keep it out of shared logs and configs, and only configure trusted endpoints.
Audio contents are transmitted to the configured MiMo-compatible service for transcription.
Audio content is sent to an external provider endpoint, and the endpoint can be configured. This is purpose-aligned, but it is a sensitive data boundary users should understand.
const apiBase = api.pluginConfig?.apiBase || process.env.MIMO_API_BASE || "https://api.xiaomimimo.com"; ... fetch(`${apiBase}/v1/chat/completions`, { ... body: JSON.stringify(body) })
Keep the default official endpoint unless you trust an alternate API base, and avoid sending private audio you do not want processed by that service.
A user might assume the plugin can only contact the official Xiaomi endpoint, even though configuration can redirect requests.
This safety wording is mostly accurate for the default configuration, but the code and plugin schema allow a configurable apiBase, so the official endpoint is not enforced by the artifact.
No external network calls except to Xiaomi official API
The publisher should clarify that the official endpoint is the default and warn users to configure only trusted apiBase values.
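As an added example, not the plugin's code, this Node.js snippet shows how the quoted claim could be made true by the code rather than by the default alone: the official host stays the default, and any other apiBase is accepted only if it is https, carries no embedded credentials, query or port, and its hostname is on an allowlist the operator set explicitly. The trustedHosts option and the alternate host used in the demo are assumptions.

```javascript
// Added example (not the plugin's own code): accept only an apiBase the operator
// explicitly trusts. Assumptions: the default host is the one the report quotes;
// the trustedHosts allowlist and the demo hostnames are illustrative.
const DEFAULT_API_BASE = "https://api.xiaomimimo.com";

// Returns a normalised base URL (origin plus path, no trailing slash) or throws.
function resolveApiBase(configured, trustedHosts = []) {
  const base = (configured && configured.trim()) || DEFAULT_API_BASE;
  let url;
  try { url = new URL(base); } catch { throw new Error(`apiBase is not a valid URL: ${base}`); }
  if (url.protocol !== "https:") throw new Error("apiBase must use https");
  if (url.username || url.password) throw new Error("apiBase must not embed credentials");
  if (url.port) throw new Error("apiBase must use the default https port");
  if (url.search || url.hash) throw new Error("apiBase must not carry a query or fragment");
  const allowed = new Set([new URL(DEFAULT_API_BASE).hostname, ...trustedHosts.map((h) => h.toLowerCase())]);
  if (!allowed.has(url.hostname.toLowerCase())) throw new Error(`apiBase host not trusted: ${url.hostname}`);
  return url.origin + url.pathname.replace(/\/+$/, "");
}

// Builds the transcription request so the key only ever travels to a resolved base.
function buildRequest(apiBase, apiKey, body) {
  const endpoint = new URL(`${apiBase}/v1/chat/completions`);
  return {
    url: endpoint.href,
    method: "POST",
    headers: { "Content-Type": "application/json", "api-key": apiKey },
    body: JSON.stringify(body),
  };
}

// Constructed configurations a user might end up with, and how each resolves.
function demoApiBase() {
  const attempt = (v, trusted) => { try { return resolveApiBase(v, trusted); } catch (e) { return e.message; } };
  return {
    default: attempt(undefined),
    trailingSlash: attempt("https://api.xiaomimimo.com/"),
    plainHttp: attempt("http://api.xiaomimimo.com"),
    lookalike: attempt("https://api.xiaomimimo.com.evil.example"),
    embeddedCreds: attempt("https://user:pw@api.xiaomimimo.com"),
    untrustedAlternate: attempt("https://stt-proxy.internal.example"),
    trustedAlternate: attempt("https://stt-proxy.internal.example/", ["stt-proxy.internal.example"]),
  };
}

console.log(demoApiBase());
console.log(buildRequest(resolveApiBase(undefined), "<redacted>", { model: "stt", input: "..." }).url);
```

With this shape, a bare MIMO_API_BASE in the environment is no longer enough to redirect the key and audio elsewhere; the operator has to name the alternate host a second time, which is the "configure only trusted apiBase values" step made explicit.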
The registry summary may understate that this skill runs plugin code and needs Node/API configuration.
The included files define executable plugin code and a package dependency, so the registry install summary appears incomplete. The artifacts do not show a remote install script or hidden helper.
Install specifications: No install spec — this is an instruction-only skill.
Review the included source and configuration files before enabling; the registry metadata should be updated to match the plugin requirements.