Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
TencentCloud ASR
v0.1.5腾讯云语音识别 ASR Skill,适用于语音转文字、音频转写、字幕生成、会议转录、语音消息识别、 本地文件或 URL 音频识别。包含三种模式:一句话识别(<=60s 短音频)、录音识别极速版 (<=2h/100MB 中长音频快速同步返回)、录音识别(<=5h 长音频异步识别)。支持普通话、 英语、粤语、日语、韩...
⭐ 5· 1.3k·17 current·17 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill name, docs, and scripts all implement Tencent Cloud ASR functionality (sentence/flash/file modes) — that is coherent. However, the registry metadata declares no required environment variables or primary credential while the scripts and references explicitly require TENCENTCLOUD_SECRET_ID/TENCENTCLOUD_SECRET_KEY (and sometimes TENCENTCLOUD_APPID). This metadata omission is an incoherence that could mislead users about secrets the skill needs.
Instruction Scope
SKILL.md instructs the agent to run local scripts (inspect_audio.py, ensure_ffmpeg.py, self_check.py, and the various recognizers). The docs also include integration guidance that accesses system paths (e.g., /home/admin/.openclaw/qqbot/downloads for QQ Bot integration) and recommend accepting/processing user-provided credentials. The skill explicitly permits autonomous installation of system components (ffmpeg/ffprobe) and running pip installs; these behaviors go beyond purely analyzing an uploaded audio file and require careful user consent.
Install Mechanism
There is no static install spec in registry metadata (instruction-only), but scripts perform dynamic installs at runtime: ensure_ffmpeg.py drives system package managers (apt/dnf/yum/zypper/brew/winget/choco) and may run sudo, and file_recognize.py auto-installs the tencentcloud SDK via pip. ensure_ffmpeg.py also contains logic to fetch rpmfusion rpms via a mirror URL as a repo fallback. These dynamic install actions modify the host and involve network downloads — expected for full ASR functionality but higher-risk than pure instruction-only skills and not reflected in metadata.
Credentials
The skill requires Tencent Cloud credentials (SecretId/SecretKey) and optionally AppId, documented across references and enforced by scripts (require_credentials, get_credentials). The registry metadata reported 'Required env vars: none' and 'Primary credential: none', which is contradictory. The skill also references TENCENTCLOUD_TOKEN optionally. Asking for these secrets is proportional to the service, but the metadata omission and the skill's guidance around receiving credentials via chat (even while warning about risks) are notable issues for users with limited security awareness.
Persistence & Privilege
The skill is not marked always:true, and does not request persistent platform privileges. However, runtime behavior includes: attempting to install system packages (possibly with sudo), adding repos (rpmfusion fallback), and installing pip packages — all of which can alter the host system. The skill also contains guidance for integrating with host systems (OpenClaw/QQ Bot) that accesses host paths. That level of side-effecting system access is significant and should be explicitly consented to by the user/environment operator.
What to consider before installing
Plain-language considerations before installing or using this skill:
- The skill actually needs your Tencent Cloud credentials (TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY, and sometimes TENCENTCLOUD_APPID) even though the registry metadata says none — do not paste secrets into group chat; prefer configuring them locally or providing them only in a secure, private channel.
- At runtime the skill may auto-install software: it can call system package managers (apt/dnf/yum/zypper/brew/winget/choco, possibly with sudo) to install ffmpeg/ffprobe and will pip-install the tencentcloud SDK. That means it can modify the host system and requires network access. Only run it on machines where you accept those changes (e.g., disposable VM, container, or developer machine), or inspect and run the scripts manually yourself.
- The code references and may read host file paths (e.g., QQ Bot downloads directory) for integrations — if you don't want that, don't enable the QQ Bot integration or run the skill in an isolated environment.
- The SKILL.md includes helpful security guidance (prefer temporary env injection, don't write keys to shell profiles), but some reference docs also show how to persist keys. Decide your preferred credential handling policy and enforce it (temporary env vs. persistent profile).
- If you are not comfortable with automated package installs, review the scripts (ensure_ffmpeg.py, file_recognize.py, etc.) and run them manually under supervision, or set up ffmpeg and the Python SDK yourself before invoking the skill.
What would increase my confidence: updated registry metadata that correctly lists required environment variables/primary credential and an explicit install manifest or an option to disable autonomous installation. If those aren’t provided, treat this skill as requiring elevated trust and run it only in an isolated environment.Like a lobster shell, security has layers — review code before you run it.
asrvk973593verfeqqvf4px57y1c1982qr9nchinesevk973593verfeqqvf4px57y1c1982qr9ndoubaovk973593verfeqqvf4px57y1c1982qr9nenglishvk973593verfeqqvf4px57y1c1982qr9nfeishuvk973593verfeqqvf4px57y1c1982qr9nlatestvk973593verfeqqvf4px57y1c1982qr9nqqvk973593verfeqqvf4px57y1c1982qr9ntencentvk973593verfeqqvf4px57y1c1982qr9ntencentcloudvk97cm9a2f38atfx9jpzmmkmhq982h9bmvoicevk973593verfeqqvf4px57y1c1982qr9nwechatvk973593verfeqqvf4px57y1c1982qr9n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.