Super-Transcribe — Unified Speech-to-Text

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears purpose-aligned for transcription, but it downloads large ML dependencies/models and may use a HuggingFace token for diarization, so review setup before use.

This skill looks consistent with a transcription tool, not malware. Before installing, confirm the download size, expect large model/dependency caches, verify the referenced dispatcher file exists, and only provide or use a HuggingFace token if you need diarization.

Static analysis

Dynamic code execution

Critical
Finding
Dynamic code execution detected: the helper assembles an installer command at runtime (uv/pip via subprocess) and the packages it installs are then imported and executed by the backend.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

First use can download and install substantial third-party ML packages and models.

Why it was flagged

The skill intentionally installs backend environments and dependencies on first use. This is coherent for ML transcription, but it means users should expect external package/model downloads.

Skill content
Lazy loading: each backend sets up its own venv on first use. No pre-configuration needed — just transcribe and the right backend installs itself.
Recommendation

Use the documented dry-run/preview, approve downloads explicitly, and install only from a trusted environment.

What this means

Enabling optional features may install and run additional dependency code in the backend virtual environment.

Why it was flagged

The helper can install Python packages at runtime using uv or pip. The visible use is for optional diarization dependencies, which is purpose-aligned but still executes newly installed package code.

Skill content
cmd = ["uv", "pip", "install", "--python", python_exe, package_name] ... subprocess.run(cmd, check=True, capture_output=quiet, text=True, timeout=300)
Recommendation

Only enable optional features such as diarization when needed. In a sensitive environment, preinstall the optional dependencies from pinned, audited requirements rather than letting the helper install whatever name it is handed at runtime.
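The runtime installer quoted above takes a package name and runs it through uv. As an added example (not the skill's own code), the following shows how such a helper can be constrained to a pinned allowlist and an explicit approval step, so an unexpected or option-shaped string never reaches the installer. The feature names, the version pin and the `approve` callback are assumptions made for this illustration.

```python
import re
import subprocess
from typing import Callable, Dict, List, Tuple

# Hypothetical allowlist: optional feature -> pinned requirements.
# The version pin is a placeholder for the example, not taken from the skill.
OPTIONAL_FEATURES: Dict[str, List[str]] = {
    "diarization": ["pyannote.audio==3.1.1"],
}

# PEP 508 project-name grammar. Anything else, including strings that begin
# with "-" and that an installer would parse as a flag, is rejected.
_NAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$")
# Only exact "name==version" pins are accepted; no ranges, no bare names.
_PIN_RE = re.compile(r"^(?P<name>[^=<>!~ ]+)==(?P<version>[0-9][0-9A-Za-z.+!-]*)$")


def parse_pinned_requirement(spec: str) -> Tuple[str, str]:
    """Split 'name==version' and validate the name; raise on anything else."""
    match = _PIN_RE.match(spec)
    if not match or not _NAME_RE.match(match.group("name")):
        raise ValueError(f"refusing unpinned or malformed requirement: {spec!r}")
    return match.group("name"), match.group("version")


def build_install_command(python_exe: str, feature: str) -> List[str]:
    """Build the uv command for an allowlisted feature without ever passing
    through a caller-supplied package string."""
    if feature not in OPTIONAL_FEATURES:
        raise ValueError(f"unknown optional feature: {feature!r}")
    specs = []
    for spec in OPTIONAL_FEATURES[feature]:
        name, version = parse_pinned_requirement(spec)
        specs.append(f"{name}=={version}")
    return ["uv", "pip", "install", "--python", python_exe, *specs]


def install_optional_feature(
    python_exe: str,
    feature: str,
    *,
    approve: Callable[[List[str]], bool],
    runner=subprocess.run,
    quiet: bool = True,
):
    """Install a feature only after the caller has seen and approved the exact
    command. `approve` is a hook for a dry-run/preview step; `runner` is
    injectable so the flow can be exercised without touching the network."""
    cmd = build_install_command(python_exe, feature)
    if not approve(cmd):
        raise PermissionError(f"install not approved: {' '.join(cmd)}")
    return runner(cmd, check=True, capture_output=quiet, text=True, timeout=300)


if __name__ == "__main__":
    # Preview mode: show the command and refuse to run it.
    def preview(cmd: List[str]) -> bool:
        print("would run:", " ".join(cmd))
        return False

    try:
        install_optional_feature("/path/to/venv/bin/python", "diarization", approve=preview)
    except PermissionError as exc:
        print(exc)
```

The point of routing every install through `build_install_command` is that the only strings that can reach uv are the ones in the allowlist, already validated as plain pinned requirements; a value such as `--index-url=http://example.invalid/simple` is refused before a process is spawned.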

What this means

If diarization is used, the skill may use the user's HuggingFace credentials to access gated models.

Why it was flagged

The diarization path can pass a HuggingFace token to the pyannote model loader. This is expected for gated diarization models and is disclosed, but it still hands a user credential to third-party library code, so the token's scope matters.

Skill content
if hf_token:
    pretrained_kwargs["use_auth_token"] = hf_token
pipeline = PyannotePipeline.from_pretrained(
    "pyannote/speaker-diarization-3.1",
    **pretrained_kwargs,
)
Recommendation

Use a HuggingFace token with the minimum needed access (a read-only token, or a fine-grained token limited to the gated pyannote repositories), never a write-capable account token, and avoid enabling diarization unless you intend to use pyannote.

What this means

The documented command may not be present or reviewable in the supplied package artifacts.

Why it was flagged

The documented entrypoint is repeatedly referenced, but the supplied file manifest does not list `scripts/transcribe`. This is a provenance/usability gap in the provided artifact set rather than evidence of malicious behavior.

Skill content
./scripts/transcribe --check --json
Recommendation

Verify that the installed package contains the expected `scripts/transcribe` file (a regular, executable file that resolves inside the skill directory) before running commands, and run commands from the intended skill directory.
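One way to apply that check before invoking the documented entrypoint, as an added example that is not part of the skill or of the scan report: resolve the skill directory, confirm `scripts/transcribe` exists as a regular executable file that does not escape the directory via a symlink, and only then run `--check --json` with the working directory set to the skill root. The `demo()` function builds a constructed stand-in skill in a temporary directory (a shell script that prints JSON) so the check can be exercised without the real package; that fixture and the function names are assumptions for this illustration.

```python
import json
import os
import stat
import subprocess
import tempfile
from pathlib import Path
from typing import Dict, Tuple

ENTRYPOINT = "scripts/transcribe"  # the entrypoint documented in SKILL.md


def resolve_entrypoint(skill_dir: str, relative: str = ENTRYPOINT) -> Tuple[Path, Path]:
    """Return (skill_root, entrypoint) or raise if the documented command is
    missing, is not a regular executable file, or resolves outside skill_dir."""
    root = Path(skill_dir).resolve(strict=True)
    candidate = root / relative
    if not candidate.exists():
        raise FileNotFoundError(
            f"{relative} not found under {root}; the package does not ship the documented entrypoint"
        )
    real = candidate.resolve(strict=True)  # follows symlinks
    if root not in real.parents:
        raise ValueError(f"{relative} resolves to {real}, outside the skill directory")
    if not real.is_file():
        raise ValueError(f"{relative} is not a regular file")
    if not os.access(real, os.X_OK):
        raise PermissionError(f"{relative} is not executable")
    return root, real


def run_check(skill_dir: str, timeout: int = 60) -> dict:
    """Run `scripts/transcribe --check --json` from the skill root and parse it."""
    root, entry = resolve_entrypoint(skill_dir)
    proc = subprocess.run(
        [str(entry), "--check", "--json"],
        cwd=root, check=True, capture_output=True, text=True, timeout=timeout,
    )
    return json.loads(proc.stdout)


# Constructed stand-in for scripts/transcribe: prints JSON with the argument count.
FAKE_SCRIPT = """#!/bin/sh
printf '{"status":"ok","argc":%s}\\n' "$#"
"""


def demo() -> Dict[str, object]:
    """Exercise the check against three constructed layouts: a well-formed
    skill, one missing the entrypoint, and one whose entrypoint is a symlink
    pointing outside the skill directory."""
    results: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp) / "super-transcribe"
        (skill / "scripts").mkdir(parents=True)
        script = skill / ENTRYPOINT
        script.write_text(FAKE_SCRIPT)
        script.chmod(script.stat().st_mode | stat.S_IXUSR)
        results["check"] = run_check(str(skill))

        bare = Path(tmp) / "bare"          # package without scripts/transcribe
        bare.mkdir()
        try:
            run_check(str(bare))
            results["missing"] = "ran"
        except FileNotFoundError:
            results["missing"] = "refused"

        outside = Path(tmp) / "outside.sh"  # executable living outside the skill
        outside.write_text(FAKE_SCRIPT)
        outside.chmod(outside.stat().st_mode | stat.S_IXUSR)
        escaped = Path(tmp) / "escaped"
        (escaped / "scripts").mkdir(parents=True)
        (escaped / ENTRYPOINT).symlink_to(outside)
        try:
            run_check(str(escaped))
            results["escape"] = "ran"
        except ValueError:
            results["escape"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

Resolving both the skill root and the entrypoint with `resolve(strict=True)` before comparing them is what makes the containment check meaningful; comparing the unresolved paths would accept a symlink that points anywhere on the filesystem.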