ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

S2-SP-OS Acoustic Radar

v1.0.5

S2-SP-OS Acoustic Radar. Edge-delegated zero-shot classification with Ephemeral Privacy and strict LAN-only network enforcement. / S2-SP-OS 语义声学雷达。本地边缘零样本分类,...

0· 69·0 current·0 all-time
byMilesXiang@spacesq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (LAN-only acoustic radar, ephemeral audio) align with required binaries (python3) and included code. The code records a 3s audio slice, encodes it, and posts it to a local HTTP endpoint for classification—this is consistent with the stated Edge-Brain delegation design.
Instruction Scope
SKILL.md and code instruct the agent to record microphone audio (3s) and POST a Base64 WAV to http://<edge_ip>:8000/api/v1/analyze. That behaviour is within the declared purpose, but recording microphone input is inherently sensitive and the instructions rely on the Edge Brain being trustworthy and strictly LAN-bound. The SKILL.md requires explicit consent before recording, which the code enforces.
Install Mechanism
No install spec; instruction-only skill with a single Python file. Dependencies (sounddevice, numpy) are reasonable for local audio capture and processing. Nothing is downloaded from arbitrary URLs or installed silently.
Credentials
The skill requests no environment variables, no credentials, and no config paths. This is proportionate to its function. It does require microphone access (via local sounddevice) which is appropriate but sensitive.
Persistence & Privilege
always:false and no attempt to persist configuration or modify other skills. The code explicitly deletes the raw audio variables after sending (memzero pattern). It does not autonomously alter agent settings or write to disk.
Assessment
This skill appears coherent: it records a short (3s) audio slice and sends it to a local Edge Brain, enforcing private LAN IPs and requiring user consent. Before installing or running: 1) Confirm the Edge Brain service at the LAN address is fully under your control and audited—the skill cannot prevent a local server from forwarding data to the internet. 2) Isolate the Edge Brain on a network segment with blocked internet egress (firewall rules) if you need strong privacy guarantees. 3) Verify the Edge Brain implementation (the endpoint /api/v1/analyze) to ensure it doesn't store or exfiltrate raw audio. 4) Be aware the skill will access the system microphone—ensure user consent and consider a visible hardware/OS indicator. 5) Test in a controlled environment first (air-gapped or VLAN) to confirm behavior matches expectations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dctyr3h3svqxeh6fesv3nv183cr5t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎧 Clawdis
Binspython3

Comments