Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

audio-audit-skill

v1.0.0

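Audio/video content quality-check and review tool: automatically transcribes speech, detects sensitive words and policy-violating content, and generates a structured audit report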

by Wan Shuaibing @qwerty0205
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md implement ASR-based transcription, keyword scanning, speaker diarization and reporting which match the skill description. However the registry metadata lists no required binaries or env vars while SKILL.md and the script clearly require ffmpeg and SENSEAUDIO_API_KEY — an internal inconsistency in declared requirements.
Instruction Scope
SKILL.md instructs the agent to run the included script and to 'echo "SENSEAUDIO_API_KEY=$SENSEAUDIO_API_KEY"' as a first step — echoing an API key risks leaking secrets in logs or chat output. The SKILL.md also tells Claude to directly read the generated transcript for deep semantic analysis (expected for this purpose), but this means the agent will process potentially sensitive content. No other out-of-scope file access or unexpected external endpoints are present in the instructions.
Install Mechanism
There is no install spec (no downloads or package installs). The skill includes a Python script that uses requests and subprocess; no remote install of third-party code was specified. This is lower risk than remote downloads, but the included script will make network calls when run.
Credentials
The script only requires a single external credential (SENSEAUDIO_API_KEY) which matches the stated integration with SenseAudio — that is proportionate. However the registry metadata omitted declaring this required env var. Also the script will send audio content and transcripts to api.senseaudio.cn, so providing the API key grants that service access to uploaded media.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and contains no install step that would persistently alter agent/system configuration. It runs as an on-demand script.
What to consider before installing
Key points to consider before installing or running this skill:
- Inconsistency: the registry metadata claims no requirements but SKILL.md and the script require ffmpeg and SENSEAUDIO_API_KEY. Treat the SKILL.md/script as authoritative and ensure ffmpeg is present and you have a SenseAudio key.
- Do NOT run the suggested echo command as-is in environments where outputs are logged or visible to others — it prints your API key and can leak secrets. Instead verify the key by running a safe test request or by checking whether the environment variable is non-empty without printing it.
- The script uploads audio to https://api.senseaudio.cn. Only run on audio you are permitted to send to a third-party ASR service; transcripts may contain PII or sensitive content.
- Inspect the included scripts locally before execution. The code uses subprocess (ffmpeg/ffprobe) and requests; confirm there is no unwanted behavior in the truncated portion of the file (e.g., unexpected network destinations or arbitrary command execution). Consider running in an isolated environment (container or VM) first.
- If you proceed, consider using a scoped/ephemeral SenseAudio API key and rotate it afterwards. Test the skill on non-sensitive audio first.

If you want, I can: (a) review the remainder of scripts/audio_audit.py if you provide the truncated portion, (b) suggest a safer check to replace the echo command, or (c) produce a quick checklist/command set to run the script in a sandboxed environment.

Like a lobster shell, security has layers — review code before you run it.

latest: vk978nvhf1bmxggwcns6thmpd11833x0r
166 downloads
0 stars
1 version
Updated 11h ago
v1.0.0
MIT-0

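Audio Content Audit

Automated content review of audio or video files, based on SenseAudio ASR.

Core features

  1. Speech to text: calls SenseAudio ASR to transcribe the speech in audio/video files
  2. Sensitive-word detection: built-in sensitive-word list plus regex matching to quickly scan for violating keywords
  3. Sentiment analysis: uses the ASR service's emotion recognition to mark segments with abnormal emotion
  4. Speaker diarization: attributes violating content to individual speakers in multi-speaker recordings
  5. Structured report: outputs a JSON audit report with risk level and timestamps of violating segments

Usage

This Skill is triggered when the user makes a request such as:

  • "Help me review the content of this audio"
  • "Check whether this video contains any violating content"
  • "Run a content quality check on this batch of audio files"

Execution steps

Step 1: Check the API key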

echo "SENSEAUDIO_API_KEY=$SENSEAUDIO_API_KEY"

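If SENSEAUDIO_API_KEY is empty, you must first ask the user for it and explain that a key can be obtained by registering at https://senseaudio.cn. Do not just run the script and let it fail.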
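
A preflight for step 1 that confirms the key is set without printing its value and checks that ffmpeg and ffprobe are on PATH. This is an added example, not part of the skill's SKILL.md or script; the function names `key_status`, `missing_tools` and `preflight` and the message wording are assumptions.

```shell
#!/bin/sh
# Added example (not from the skill): preflight for audio-audit-skill.
# Reports whether SENSEAUDIO_API_KEY is set without ever writing its value
# to stdout or stderr, so nothing secret lands in agent logs or chat output.

# key_status: prints "set" or "missing"; never the key itself.
key_status() {
    if [ -n "${SENSEAUDIO_API_KEY:-}" ]; then
        echo "set"
    else
        echo "missing"
    fi
}

# missing_tools: prints the space-separated names of required binaries that
# are not on PATH. Optional arguments override the default list.
missing_tools() {
    [ "$#" -gt 0 ] || set -- ffmpeg ffprobe
    out=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || out="${out:+$out }$tool"
    done
    echo "$out"
}

# preflight: returns 0 when the key and tools are present, 1 otherwise.
# Status messages go to stderr and describe the key only as set or not set.
preflight() {
    rc=0
    if [ "$(key_status)" = "missing" ]; then
        echo "SENSEAUDIO_API_KEY is not set; ask the user for a key" >&2
        rc=1
    else
        echo "SENSEAUDIO_API_KEY is set (value not shown)" >&2
    fi
    miss=$(missing_tools "$@")
    if [ -n "$miss" ]; then
        echo "missing required tools: $miss" >&2
        rc=1
    fi
    return "$rc"
}
```

Source the file and call `preflight` before step 2; a non-zero return means the script should not be run yet.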

Step 2: Run the script to perform the audit

# Basic audit
python scripts/audio_audit.py "/path/to/audio.mp3" --output outputs/

# Enable speaker diarization + sentiment analysis
python scripts/audio_audit.py "/path/to/meeting.mp4" --speaker --sentiment

# Custom sensitive words
python scripts/audio_audit.py "/path/to/audio.mp3" --keywords "赌博,色情,暴力"

# Batch-audit all audio/video files in a directory
python scripts/audio_audit.py "/path/to/media_folder/"

Note: if the environment variable SENSEAUDIO_API_KEY is already set, --senseaudio-api-key is not needed.

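Step 3: Deep semantic review (if the user needs it)

The script outputs the transcript (*_transcript.txt) and a keyword scan report. If the user needs a deeper semantic review (veiled violations, borderline content, inappropriate remarks, etc.), you (Claude) read the transcript directly and analyze it; there is no need to call an external LLM.

Analysis dimensions:

  • Politically sensitive content, violence and gore, pornographic or vulgar content
  • Illegal or non-compliant content (gambling, fraud, drugs)
  • False advertising, discrimination and insults, privacy leaks

Step 4: Return the results

Return the audit report to the user, highlighting the risk items.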

Requirements

  • Python 3.10+, dependency: requests
  • System dependency: ffmpeg (used to extract audio from video)
  • SENSEAUDIO_API_KEY: SenseAudio API key (the only key required)

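Parameters

Parameter | Description | Default
input | Input audio/video file or directory (required) | -
--output | Output directory | audit_output/ next to the input file
--model | ASR model (lite/standard/pro) | standard
--language | Audio language code (zh/en/ja, etc.) | auto-detect
--speaker | Enable speaker diarization |
--sentiment | Enable sentiment analysis |
--keywords | Custom sensitive words (comma-separated) | built-in word list
--senseaudio-api-key | SenseAudio API key | environment variable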

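Output files

File | Description
<filename>_audit.json | Structured audit report (with risk level, violating segments, timestamps)
<filename>_audit.txt | Human-readable audit summary
<filename>_transcript.txt | Full transcript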
