Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Byted Las Audio Convert
v1.0.1
Converts and transcodes audio file formats and encoding parameters using Volcengine LAS. Audio format conversion between wav, mp3, flac, m4a, ogg, aac and ot...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
Confidence: medium
Purpose & Capability
The skill's stated purpose (audio format conversion using Volcengine LAS) matches the instructions and helper scripts. However, the registry metadata declares no required environment variables or binaries, while SKILL.md and the scripts require LAS_API_KEY (and reference LAS_REGION) and rely on tools such as lasutil, ffprobe, jq and python3/venv. The missing declarations are an incoherence: a cloud conversion skill reasonably needs an LAS API key and CLI tools, so the metadata should list them.
Instruction Scope
SKILL.md instructs the agent to: check for and ask the user for LAS_API_KEY and LAS_REGION, upload local files via lasutil, use ffprobe to read durations, call lasutil process, and source scripts/env_init.sh, which fetches a remote manifest and may install or update an SDK. Those runtime steps include network fetches and an installation step that goes well beyond simple API calls. The instructions also state that some operations may require VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY for retrieving outputs; neither credential is declared in the metadata. The skill asks the agent to read and write env files and run shell scripts that perform network operations; this broad scope should be made explicit to users.
Install Mechanism
There is no formal install spec, but scripts/env_init.sh fetches a manifest from https://las-ai-cn-beijing-online.tos-cn-beijing.volces.com/ and then runs pip install --upgrade on a .whl from that same host. A remote wheel install at runtime is a supply-chain risk: whoever controls that host (or can tamper with the download in transit) decides what code runs inside the agent's environment every time the script is sourced, and because --upgrade is used the installed code can change between runs without any change to the skill itself. Unless the manifest pins a checksum that the script actually verifies (not established here), nothing ties the installed wheel to what was reviewed. The URL is not a standard public release host like GitHub releases; it is a service-specific domain. This behavior is not declared in the registry install metadata and increases risk.
Credentials
The SKILL.md explicitly requires LAS_API_KEY (and references LAS_REGION). It also explains scenarios where VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY are necessary to download outputs. The registry metadata however lists no required environment variables or primary credential. Requesting cloud API keys is proportionate to a cloud conversion service, but the omission in metadata and the conditional need for additional VOLCENGINE credentials (not declared) is a transparency problem and could lead to unexpected credential exposure.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide persistent privileges in the manifest. Its env_init.sh creates/uses a virtual environment (.las_venv) and a temporary LAS_WORKDIR; these are local to the project and ephemeral. Autonomous invocation is allowed by default but is not combined with other high-risk flags here.
What to consider before installing
This skill appears to legitimately wrap Volcengine LAS audio conversion, but there are transparency and supply-chain concerns you should address before installing or running it:
- The SKILL.md requires LAS_API_KEY and LAS_REGION, and may require VOLCENGINE_ACCESS_KEY/VOLCENGINE_SECRET_KEY for some workflows, but the registry metadata lists no required env vars. Expect to provide cloud credentials if you run it.
- The initialization script (scripts/env_init.sh) fetches a remote manifest and pip-installs a .whl from https://las-ai-cn-beijing-online.tos-cn-beijing.volces.com/. That means code will be downloaded and executed at runtime — treat this like installing third-party software. If you must run it, do so in a disposable sandbox or VM.
- The scripts assume binaries (lasutil, ffprobe, jq, python3) are available; the skill metadata does not declare these dependencies. Make sure those binaries are present and trusted or run in an environment where you control them.
- If you plan to provide API keys: only provide the minimum-scoped credentials, and avoid using highly privileged keys on sensitive machines. Consider creating a dedicated LAS key with restricted permissions and verifying which operations require VOLCENGINE access keys.
- If you want to install safely: inspect the remote manifest and the wheel before execution (download the .whl manually, inspect contents, check signatures or checksums if available), or ask the skill author/owner for the upstream source and a signed release. Ask the publisher to update the registry metadata to list required env vars and binaries and to host the SDK/wheels on a well-known release channel.
Given the metadata inconsistencies and the remote pip install behavior, treat this skill as suspicious until the metadata and install behavior are clarified or you have vetted the remote wheel and manifest yourself.
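The vetting step recommended above (download the wheel manually, inspect its contents, pin its checksum) can be automated. The script below is an added example written for this review; it is not part of the skill, the scan tooling, or any Volcengine SDK. It builds two small wheels in memory as constructed stand-ins for the remote .whl (a clean one and a tampered one), so it runs offline; the package name las_sdk, the member names, and the pinned hash are assumptions for illustration only. It verifies a downloaded wheel against a pinned SHA-256, lists the dependencies the wheel would pull in, flags members that execute code outside the package (a top-level .pth file that site.py imports at interpreter start, scripts dropped onto PATH, path-traversal member names), and emits a requirements line that `pip install --require-hashes` will enforce instead of a bare `pip install --upgrade <url>`.

```python
"""Vet a Python wheel before installing it: pin its hash, list what it would
install, and flag members that run code outside the package itself.
Added example for this review; not code from the skill or from Volcengine."""
import hashlib
import io
import posixpath
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def inspect_wheel(data: bytes) -> dict:
    """Return the member list, declared Requires-Dist entries and findings."""
    findings, requires, members = [], [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            members.append(name)
            # A member name that escapes the install root is never legitimate.
            if posixpath.isabs(name) or posixpath.normpath(name).startswith(".."):
                findings.append(f"path traversal member: {name}")
            # site.py executes 'import ...' lines from every top-level .pth file
            # in site-packages on interpreter start: persistence, not packaging.
            if "/" not in name and name.endswith(".pth"):
                findings.append(f"top-level .pth file (runs at interpreter start): {name}")
            # *.data/scripts/ members are installed onto PATH as executables.
            if ".data/scripts/" in name:
                findings.append(f"script installed onto PATH: {name}")
            # Dependencies are declared in <dist>.dist-info/METADATA.
            if name.endswith("/METADATA") and name.split("/")[0].endswith(".dist-info"):
                for line in zf.read(info).decode("utf-8", "replace").splitlines():
                    if line.startswith("Requires-Dist:"):
                        requires.append(line.split(":", 1)[1].strip())
    return {"members": members, "requires": requires, "findings": findings}


def vet_wheel(data: bytes, expected_sha256: str) -> tuple:
    """Hash check first, then content check; returns (ok, report)."""
    report = inspect_wheel(data)
    actual = sha256_hex(data)
    if actual != expected_sha256.lower():
        report["findings"].insert(0, f"sha256 mismatch: expected {expected_sha256}, got {actual}")
    return (not report["findings"], report)


def requirements_line(name: str, version: str, sha256: str) -> str:
    """Line for 'pip install --require-hashes -r', which refuses a file whose hash differs."""
    return f"{name}=={version} --hash=sha256:{sha256}"


# ---- constructed sample wheels (stand-ins for the remote .whl) ----
def _build_wheel(extra_members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("las_sdk/__init__.py", "VERSION = '1.0.0'\n")
        zf.writestr("las_sdk-1.0.0.dist-info/METADATA",
                    "Metadata-Version: 2.1\nName: las_sdk\nVersion: 1.0.0\n"
                    "Requires-Dist: requests\n")
        zf.writestr("las_sdk-1.0.0.dist-info/WHEEL", "Wheel-Version: 1.0\n")
        for member, body in extra_members.items():
            zf.writestr(member, body)
    return buf.getvalue()


def build_clean_wheel() -> bytes:
    return _build_wheel({})


def build_tampered_wheel() -> bytes:
    # Hypothetical tampered build: same package plus three members that would
    # execute outside the package once installed.
    return _build_wheel({
        "las_sdk_boot.pth": "import las_sdk._boot\n",
        "las_sdk-1.0.0.data/scripts/lasutil": "#!/bin/sh\n",
        "../sitecustomize.py": "import os\n",
    })


if __name__ == "__main__":
    clean = build_clean_wheel()
    pinned = sha256_hex(clean)  # the hash you recorded after manual review
    print(requirements_line("las_sdk", "1.0.0", pinned))
    for label, wheel in (("clean", clean), ("tampered", build_tampered_wheel())):
        ok, report = vet_wheel(wheel, pinned)
        print(label, "OK" if ok else "REJECT", report["requires"], report["findings"])
```

The order matters: hash first, so a wheel that differs from the one you reviewed is rejected before any of its contents are trusted; the content checks then catch the cases where the hash was never pinned. Feeding the emitted requirements line to `pip install --require-hashes -r requirements.txt` (a standard pip option) replaces the skill's unpinned `pip install --upgrade` with an install that fails closed on any change to the remote file.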
