ClawHub

Doubao Asr

v0.18.3

Transcribe recorded audio files to text via Doubao Seed-ASR 2.0 (豆包录音文件识别模型2.0) from ByteDance/Volcengine. Best-in-class Chinese speech recognition with spea...

4· 1.2k·7 current·8 all-time
by@vahnxu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe using Volcengine Doubao ASR; required binaries (python3), env vars (API key, IAM access key/secret, TOS bucket/region) and the included transcribe.py all align with uploading audio to TOS and calling the Doubao API. Nothing requested appears unrelated to transcription.
Instruction Scope
SKILL.md and README provide step‑by‑step credential and bucket setup instructions and explicitly restrict the skill to non‑streaming, file transcription. The instructions require the user to set environment variables containing secrets (expected). This is in‑scope, but the SKILL.md includes comprehensive setup guidance so users should follow least‑privilege advice when creating keys.
Install Mechanism
No install spec (instruction-only skill) and only one small Python script included. It relies on requests (not bundled) and python3 being present. No external arbitrary download or archive extraction is used.
Credentials
All required env vars (VOLCENGINE_API_KEY, VOLCENGINE_ACCESS_KEY_ID, VOLCENGINE_SECRET_ACCESS_KEY, VOLCENGINE_TOS_BUCKET, VOLCENGINE_TOS_REGION) are directly needed to upload to TOS and authenticate to the Doubao API. The number of variables is appropriate for this integration and the primaryEnv is the API key.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges or modify other skills. It runs locally via python3 and uses only the provided environment variables; there is no automatic persistence beyond normal usage.
Assessment
This skill appears to do what it claims. Before installing: 1) Review scripts/transcribe.py yourself (it will use any env vars you set and upload audio to your Volcengine TOS bucket). 2) Create a dedicated IAM sub‑user with minimal permissions scoped to the single TOS bucket (do not reuse broad account keys). 3) Use a single-bucket read/write policy as suggested and avoid granting global TOS/IAM privileges. 4) Test with non‑sensitive audio first and confirm region/bucket settings. 5) If you don’t trust the source repo, run the script in an isolated environment (container or VM) or inspect the code line-by-line before supplying credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk974yvdz6kmk1tqb10n997sx1182zbn2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🫘 Clawdis
Binspython3
EnvVOLCENGINE_API_KEY, VOLCENGINE_ACCESS_KEY_ID, VOLCENGINE_SECRET_ACCESS_KEY, VOLCENGINE_TOS_BUCKET, VOLCENGINE_TOS_REGION
Primary envVOLCENGINE_API_KEY

Comments