ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Audio Intelligence Mcp

v1.0.0

Transcribe, summarize, and analyze audio files using local Whisper + Qwen. Returns transcript, segments, and action items.

0· 9·0 current·0 all-time
by@ntriq-gh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description claim local Whisper + Qwen inference ("100% local AI inference (zero external API calls)"), but the code calls an external server (default SERVER = https://ai.ntriq.co.kr or process.env.NTRIQ_AI_URL) to perform transcribe/summarize/analyze. The README and SKILL.md also reference external endpoints (x402.ntriq.co.kr) and micropayments, while the registry metadata declares no required env vars or credentials — this mismatch indicates the implementation does more (remote processing and payments) than the description implies.
!
Instruction Scope
SKILL.md and README emphasize local processing and privacy, but the runtime handlers send POST requests with audio URLs to external endpoints (/audio/transcribe, /audio/summarize, /audio/analyze). The SKILL.md example also references an external payment flow. The instructions do not disclose that audio (audioUrl) will be forwarded to a remote service, so users may unknowingly expose audio content and metadata to third-party servers.
Install Mechanism
No install spec is provided (instruction-only at registry level), which is lower install risk. The package includes typical npm dependencies (apify, express, @modelcontextprotocol/sdk). There are no downloads from arbitrary URLs or extract/install steps in the manifest. Running the code would require npm install; nothing in the install metadata indicates hidden installers.
!
Credentials
The manifest lists no required env vars or credentials, but code uses process.env.NTRIQ_AI_URL (optional) and Apify APIs (Actor.charge, Actor.init) which rely on Apify environment variables (e.g., APIFY_TOKEN) when charging. README also instructs embedding an APIFY token in MCP URLs. The skill requests charging behavior (micropayments) without declaring any credential needs, which is disproportionate and under-documented.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify other skills or system-wide settings. It logs and attempts to charge via Apify Actor but does not persist configuration into other skill configs. No elevated persistence privileges are requested in the manifest.
What to consider before installing
This skill is inconsistent: it promises local, private inference but the code forwards audio URLs to external ntriq servers and contains micropayment/charge logic. Before installing, verify with the author where audio is actually processed (local vs remote), whether audio/data are retained, and which account/token is used for charges. Do not send sensitive audio to this skill until you confirm the remote endpoints and privacy policy; if you must test, do so with non-sensitive audio in a sandbox and monitor network traffic. Also ask the publisher to declare required environment variables (e.g., APIFY token) and to reconcile the differing domains (x402.ntriq.co.kr vs ai.ntriq.co.kr) and the "local" inference claim.
src/handlers/audio.js:7
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978chwywnbf29xs6y0xcymm65841f52

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Audio Intelligence

Transcribe, summarize, and analyze audio files using local Whisper + Qwen. Returns transcript, segments, and action items.

Usage

x402 Payment (AI agents)

curl -X POST https://x402.ntriq.co.kr/audio-intel \
  -H "Content-Type: application/json" \
  -d '{"image_url": "https://example.com/doc.png"}'
# Returns 402 → auto-pay USDC → get result

Service Catalog

curl https://x402.ntriq.co.kr/services

Features

  • 100% local AI inference (zero external API calls)
  • x402 micropayments (USDC on Base)
  • Sub-10 second processing
  • JSON structured output

Powered by

Files

6 total
Select a file
Select a file to preview.

Comments

Loading comments…