audio-transcribe-summarize

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: audio-transcribe-summarize
Version: 1.0.1

The skill provides a legitimate utility for transcribing and summarizing audio/video files using the SenseAudio ASR API (api.senseaudio.cn). The Python script `scripts/transcribe.py` correctly handles file splitting via `ffmpeg` and communicates with the API as described in the documentation. No evidence of data exfiltration, malicious execution, or prompt injection was found; the code follows best practices such as using argument lists in `subprocess.run` to prevent shell injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may need setup steps that are not surfaced by registry metadata, such as configuring an API key or installing ffmpeg for large files.

Why it was flagged

The registry metadata does not declare the API key or helper dependencies that the SKILL.md and script require, so install-time visibility is incomplete even though the requirements are documented in the skill text.

Skill content

Required binaries (all must exist): none ... Required env vars: none ... Primary credential: none

Recommendation

The publisher should declare the API key and optional helper binaries/packages in metadata; users should install dependencies only from trusted sources.

What this means

Use of the key may consume account quota or bill the associated SenseAudio account.

Why it was flagged

The script uses a SenseAudio API key from the environment as a bearer credential for the external transcription service. This is expected for the integration, but it is still account-authorizing access.

Skill content

key = os.environ.get("SENSEAUDIO_API_KEY") ... headers = {"Authorization": f"Bearer {api_key}"}

Recommendation

Use a revocable or limited API key if available, avoid exposing the environment variable, and revoke the key if you stop using the skill.

What this means

Private meetings, lectures, interviews, or recordings could be processed by the external provider under its terms and retention practices.

Why it was flagged

The selected audio/video file contents are uploaded to SenseAudio for transcription. This is the core purpose of the skill and is disclosed, but it means media content leaves the local environment.

Skill content

API_URL = "https://api.senseaudio.cn/v1/audio/transcriptions" ... files = {"file": (os.path.basename(filepath), open(filepath, "rb"))} ... requests.post(API_URL, headers=headers, files=files, data=data, timeout=300)

Recommendation

Only use the skill with files you are allowed to upload, and review SenseAudio's privacy/data-retention terms for sensitive or regulated recordings.

What this means

Large media files will be processed locally and temporary chunks will be created before upload.

Why it was flagged

For files over 10MB, the script invokes the local ffmpeg binary to split media before upload. This command execution is disclosed and purpose-aligned, but depends on the local ffmpeg installed on the user's system.

Skill content

subprocess.run([ffmpeg, "-y", "-i", filepath, "-ss", str(start), "-t", str(chunk_duration), "-acodec", "copy", "-vn", chunk_path], capture_output=True)

Recommendation

Install ffmpeg from a trusted source and review the output path if using the optional --output setting.