Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Byted Las Asr Pro
v1.0.1ASR / STT / speech recognition / voice recognition engine powered by Volcengine LAS. Transcribes and converts speech to text from audio and video files — ext...
⭐ 0· 101·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md and scripts clearly expect Volcengine credentials (LAS_API_KEY, LAS_REGION) and optional TOS credentials (VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY) as part of normal operation, and call out use of lasutil/ffprobe/jq/python3, but the registry metadata declared no required env vars and no required binaries. That mismatch between declared requirements and what the skill actually needs is incoherent and could mislead users about what secrets/tools are necessary.
Instruction Scope
Runtime instructions direct the agent to: source scripts/env_init.sh (which fetches a remote manifest and may install/update a Python wheel), read local .env files, create/activate a virtualenv in the project, call lasutil/ffprobe, upload local files to TOS, and optionally spawn a background poller. The instructions read files from the project root (./.env) and can cause network calls to vendor-hosted endpoints; they also instruct the agent to auto-upload user files to TOS. These actions go beyond simple 'call an API' guidance and include network fetch and install steps plus access to local environment files.
Install Mechanism
There is no static install spec in the registry, but scripts/env_init.sh fetches a remote manifest via curl and unconditionally pip-installs a wheel from https://las-ai-cn-beijing-online.tos-cn-beijing.volces.com/... — a runtime download-and-install of an archive from an external URL. Dynamic installation of code from an external host (extract/install) is higher-risk and should be declared explicitly and verifiable (signatures, known host).
Credentials
The skill legitimately needs LAS_API_KEY and LAS_REGION for Volcengine API access and may need TOS access keys if results are to be pulled back — these are appropriate for the described purpose. However the registry metadata fails to declare these env vars, and the scripts source a project-level .env (potentially exposing any other secrets present). That omission plus the ability to read project .env makes the requested environment access disproportionate to what the registry advertises and increases risk of inadvertent secret exposure.
Persistence & Privilege
The skill will create/activate a virtualenv (.las_venv) in the project root and may pip install or upgrade SDK packages on first run, and the poller can be disowned to run in background. While always:false (no forced global install), these behaviors modify the local environment and persist artifacts (venv, temporary LAS_WORKDIR, output files). Auto-updating/installing packages and spawning background processes are meaningful privileges and should be made explicit to users.
What to consider before installing
This skill appears to implement a Volcengine LAS transcribe pipeline, but there are several red flags you should address before installing or running it:
- Metadata mismatch: The registry lists no required env vars or binaries, but SKILL.md and scripts require LAS_API_KEY, LAS_REGION and rely on lasutil, ffprobe, jq, python3, pip, etc. Treat the metadata as incomplete until corrected.
- Runtime code fetch: The env_init.sh script fetches a manifest and pip-installs a wheel from a remote URL at runtime. That downloads and runs third-party code on your system — only proceed if you trust the exact host and can verify the wheel (checksums/signature).
- Secrets exposure: The scripts source a project-level .env file; do not keep unrelated secrets in that .env. The skill may also request additional VOLCENGINE_* credentials for downloading results — provide them only when absolutely necessary and preferably in a scoped/testing account.
- Persistence: The skill creates a virtualenv and can install/upgrade packages and spawn background pollers. Run it first in a disposable or isolated environment (container, VM) to observe behavior.
Concrete steps before use:
1. Ask the publisher for provenance: where does the manifest/wheel come from, and can they provide a signed release or checksum? Does this skill have an official homepage or vendor contact? 2. Request that registry metadata be corrected to list required env vars and binaries. 3. Inspect the remote manifest and wheel before allowing env_init.sh to install them; prefer manual installation from a vetted source. 4. Run the skill in an isolated environment (container) and avoid putting other secrets in project .env. 5. If you must supply production credentials, consider using least-privilege or temporary keys and monitoring billing/usage tightly.
If the publisher can supply a verifiable release (GitHub release or signed package), and the metadata is corrected to list env/binary requirements, the assessment could move toward benign; without that, treat the skill as suspicious.Like a lobster shell, security has layers — review code before you run it.
latestvk97dr1twjmaerbcb4ag9hmkw6s851wgs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.