Back to skill
Skillv1.0.0
VirusTotal security
Step Asr · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:48 AM
- Hash
- 00728cc2d434d519f868c3b615fba77218a78713c4f3318c3db23777b40e7453
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: step-asr Version: 1.0.0 The skill bundle is designed to transcribe audio files using the Step ASR API. The `SKILL.md` provides clear instructions and usage examples, and the `scripts/transcribe.py` script implements this functionality by reading a specified audio file, base64-encoding it, and sending it along with an API key (read from `STEPFUN_API_KEY` environment variable) to the `https://api.stepfun.com/v1/audio/asr/sse` endpoint. There is no evidence of unauthorized data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the OpenClaw agent, or obfuscation. The file writing capability (`--out` argument) is for saving transcription results, which is a legitimate function of the skill, and does not indicate malicious intent within the skill itself.
- External report
- View on VirusTotal