ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

audio-segmenter

v1.1.5

当用户想要**把长音频切成小段**、**音频切片**、**音频分割**、**把音频分成固定时长片段**、**制作语音数据集**、**准备Karaoke素材**、**翻唱音频切片**时自动触发。 支持单个音频文件或整个文件夹(支持递归),自动用 ffmpeg 把音频按指定秒数切成小片段,完美保留原始文件夹结构,并智...

0· 172·0 current·0 all-time
by顶尖王牌程序员@wangminrui2022
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: the scripts implement audio splitting via pydub and ffmpeg, and the SKILL.md invokes the included audio_slicer.py. Required binary (python) aligns with the stated purpose. However, there are inconsistencies: README suggests Python 3.8+, while env_manager strictly enforces Python 3.10–3.12; config.py exposes a MODEL_DIR and VENV_DIR outside the skill root, implying broader capabilities (models, large installs) that are not needed for simple slicing.
Instruction Scope
SKILL.md instructs the agent to run scripts/audio_slicer.py which will: create/activate a virtual environment, install Python packages at runtime, and auto-download ffmpeg. Those actions are related to ensuring dependencies for audio slicing, but the runtime instructions also execute environment bootstrap code (env_manager.setup_venv) that inspects system Python, can create venvs in an ancestor path, and re-launch the main script — broader system access than a minimal slicer would need.
!
Install Mechanism
There is no static install spec; instead the code performs runtime pip installs (via ensure_package and venv bootstrap) and uses the ffmpeg-downloader package which triggers downloads of external binaries (ffmpeg) from third-party hosts. Runtime installation from network is expected for some scripts but raises risk: it downloads packages and binaries at first run, and will create a virtual environment on disk (VENV_DIR).
!
Credentials
The skill does not request credentials or env vars, which is good. Still, ProjectPaths.VENV_DIR is computed as an ancestor 'venv' outside the skill folder (VENV_DIR = _BASE_PATH.parent.parent.parent / 'venv'), meaning the skill will create/modify a virtual environment in a parent directory (possibly shared), and logger_manager will create logs under SKILL_ROOT/logs — this filesystem scope is broader than strictly necessary for slicing a single file. The env_manager contains (commented) logic to install heavy ML packages (PyTorch, audio-separator), and though that block is commented out, its presence indicates potential for large, unexpected installs in future versions.
Persistence & Privilege
always:false and no special OpenClaw privileges are requested. The script does write persistent files: it creates a virtual environment (potentially in a shared ancestor path), writes logs under SKILL_ROOT/logs, and downloads ffmpeg binaries. These are ordinary but persistent side-effects; the skill does not attempt to modify other skills' configs or request global tokens.
What to consider before installing
This skill appears to implement audio slicing correctly, but exercise caution before running it: 1) It will create a virtual environment on disk (VENV_DIR points to a parent-level 'venv') and install Python packages from the network (pip via Tsinghua mirror) and download ffmpeg binaries — expect ~100–200MB and some network activity. 2) The env_manager enforces Python 3.10–3.12; if your system uses a different version you will be blocked. 3) Check/modify ProjectPaths.VENV_DIR and LOG_DIR if you don't want the skill to create or modify a venv or logs outside the skill folder. 4) If you prefer no automatic installs/downloads, run the slicer in a controlled environment (a disposable container or a per-skill dedicated folder), preinstall pydub and ffmpeg, and inspect or remove env_manager.setup_venv and ensure_package.pip calls. 5) Because the code contains commented logic for installing heavy ML stacks (PyTorch/audio-separator), monitor future updates — those could expand the install footprint. If you want to proceed safely: run the script in an isolated environment (container or VM) or edit the scripts to point VENV_DIR to a local path and disable automatic downloads before first run.

Like a lobster shell, security has layers — review code before you run it.

latestvk978t422qxmtfj7rkw4vj2q00n84gfq8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython

Comments