ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

qqbot-stt

v1.0.0

在本地运行 Qwen3-ASR 模型,通过 HTTP 服务为 QQBot 提供精准的语音转文字功能。

0· 126·0 current·0 all-time
by@rekslee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The README / SKILL.md describe a 'local-stt' skill providing a Qwen3-ASR HTTP/CLI STT service for QQBot, which is coherent with the included code. However the package metadata says 'qqbot-stt' while files and instructions repeatedly refer to 'local-stt' (name mismatch). main.py hard-codes QWEN_ASR_SCRIPT to /Users/reks/.openclaw/skills/qwen-asr/scripts/main.py (a user-specific absolute path) which does not match the skill's own layout and is unexpected for a distributable skill.
!
Instruction Scope
SKILL.md asks you to clone/install a different skill (local-stt) and edit ~/.openclaw/openclaw.json — that is expected — but it also presumes external toolchains (HuggingFace model downloads, ffmpeg) while requirements.txt does not list the model/ML libs. The instructions and code reference an env var MLX_ASR_MODEL and rely on external network/model downloads; SKILL.md and requires.env declare no required env vars, so the runtime assumptions are under-specified. The docs also encourage running openclaw gateway and grepping logs (harmless) but give the agent broad leeway to run system commands during setup.
!
Install Mechanism
No install spec is provided (instruction-only), yet the package includes executable code files that must be run manually. requirements.txt only lists fastapi, uvicorn, python-multipart but the code imports mlx_qwen3_asr and uses model-serving libraries (transformers/torch) and ffmpeg; those dependencies are missing from requirements.txt. Running pip install -r requirements.txt will not install the packages actually required, and following the README will cause manual installs that fetch heavy third-party ML packages (and arbitrary code via 'trust_remote_code=True'). This increases risk because additional packages will be pulled from PyPI/HuggingFace at runtime.
Credentials
The skill declares no required env vars, but server.py and transcribe.py read MLX_ASR_MODEL and code expects ffmpeg on PATH. There are no API keys requested, which is proportionate, but the hidden dependency on MLX_ASR_MODEL (and possible use of huggingface credentials when downloading models) is not surfaced in the metadata.
Persistence & Privilege
always is false; the skill does not request forced inclusion or elevated platform privileges. It runs as a normal local service/CLI, so persistence/privilege requests are appropriate for its purpose.
What to consider before installing
Before installing or running this skill: - Treat it as suspicious until you verify sources: the SKILL.md and files refer to 'local-stt' while registry metadata says 'qqbot-stt' — verify you obtained the intended package. - Do not run the server or scripts as root. Run them in an isolated environment (dedicated user account or container/VM). - Inspect and confirm the file referenced by main.py (QWEN_ASR_SCRIPT = /Users/reks/.openclaw/skills/qwen-asr/scripts/main.py). Hard-coded absolute paths are unexpected and could point to mispackaging; ensure that path is what you expect or change it to the correct local script. - The requirements.txt is incomplete. Expect to manually install heavy ML packages (torch/transformers or an 'mlx_qwen3_asr' package) and ffmpeg; these will pull code from PyPI/HuggingFace (including 'trust_remote_code=True' in suggested code), which increases supply-chain risk — review those packages' sources first. - The code runs subprocesses (ffmpeg, model CLI) and spawns other Python modules. Review any third-party module (especially 'mlx_qwen3_asr' or 'qwen-asr') for network behavior before allowing model downloads. - If you proceed, run first in an isolated VM or container, confirm it only binds to localhost and does not exfiltrate data, and verify logs and network connections during the initial model download and runtime. If you want, provide the upstream repository URL or the contents of the referenced qwen-asr scripts; that additional context would raise or lower confidence in this assessment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e3pswjfzb9nm4jh05d9vvt9838897

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments