Back to skill
Skillv1.0.1
VirusTotal security
Local Vosk STT · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:41 AM
- Hash
- af2cc5a67efcdbe069904cc7ef2eeb8d320850641d09ba172f04099391c70297
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: local-vosk Version: 1.0.1 The skill is classified as suspicious due to the use of `wget` to download external content from `https://alphacephei.com/vosk/models` and `pip3 install vosk --user --break-system-packages` for system modification, both found in SKILL.md. While the stated purpose is benign (local speech-to-text) and the sources appear legitimate, these actions involve external network calls and system-level package management with a flag (`--break-system-packages`) that allows potentially disruptive modifications. These capabilities, if exploited or if the external source were compromised, could pose a supply chain risk or system integrity issues, thus exceeding the 'benign' threshold for a security review.
- External report
- View on VirusTotal