Security checks across malware telemetry and agentic risk
The skill does restore punctuation, but it also makes broad, partly under-disclosed Python environment changes and installs unrelated audio-processing packages.
Review before installing. Use only in an isolated Python environment, expect network downloads and package changes, avoid sensitive text if local logs are unacceptable, and run directory mode only on folders you intentionally want copied and processed.
"""专门为老项目(使用 pkg_resources 的 setup.py)修复 setuptools 版本"""
logger.info("🔧 正在修复 setuptools 版本(兼容旧 GitHub 包构建)...")
try:
subprocess.check_call([
sys.executable, "-m", "pip", "install",
"--quiet", "--force-reinstall", "setuptools<=81.2.0", "wheel"
])cmd.extend(["-i", "https://pypi.tuna.tsinghua.edu.cn/simple"])
try:
subprocess.check_call(cmd)
logger.info(f"✅ {spec} 安装/升级完成!")
except subprocess.CalledProcessError as e:logger.warning(f"🔧 正在安装 {install_str} ...")
try:
subprocess.check_call([
sys.executable, "-m", "pip", "install",
install_str,
"-i", "https://pypi.tuna.tsinghua.edu.cn/simple",sys.executable, "-m", "pip", "install",
"--upgrade", fallback_zip, "--quiet"
]
subprocess.check_call(cmd_fallback)
logger.info(f"✅ 使用本地包 {fallback_zip} 安装成功!")
return
except subprocess.CalledProcessError as e2:logger.info("虚拟环境创建成功")
logger.info("正在升级 pip...")
subprocess.check_call([str(venv_python), "-m", "pip", "install", "--upgrade", "pip"])
# ==================== 检查 PyTorch GPU 是否已安装 ====================
if Path(venv_python).exists() and is_torch_gpu_installed(venv_python):# 安装 PyTorch
logger.info("正在安装 PyTorch(~2-3GB,请耐心等待)...")
subprocess.check_call([
str(venv_python), "-m", "pip", "install", "torch", "torchvision", "torchaudio",
"--index-url", index_url
])logger.info("安装 audio-separator CPU 版 + librosa...")
subprocess.check_call([str(venv_python), "-m", "pip", "install", "audio-separator[cpu]", "librosa"])
subprocess.check_call([str(venv_python), "-m", "pip", "install", "pydub"])
subprocess.check_call([str(venv_python), "-m", "pip", "install", "huggingface-hub[tqdm]"])
logger.info("✅ 虚拟环境及所有依赖安装完成!")subprocess.check_call([str(venv_python), "-m", "pip", "install", "audio-separator[cpu]", "librosa"])
subprocess.check_call([str(venv_python), "-m", "pip", "install", "pydub"])
subprocess.check_call([str(venv_python), "-m", "pip", "install", "huggingface-hub[tqdm]"])
logger.info("✅ 虚拟环境及所有依赖安装完成!")# 安装 audio-separator + librosa(你提到的)
if use_gpu:
logger.info("安装 audio-separator GPU 版 + librosa...")
subprocess.check_call([str(venv_python), "-m", "pip", "install", "audio-separator[gpu]", "librosa"])
else:
logger.info("安装 audio-separator CPU 版 + librosa...")
subprocess.check_call([str(venv_python), "-m", "pip", "install", "audio-separator[cpu]", "librosa"])subprocess.check_call([str(venv_python), "-m", "pip", "install", "audio-separator[gpu]", "librosa"])
else:
logger.info("安装 audio-separator CPU 版 + librosa...")
subprocess.check_call([str(venv_python), "-m", "pip", "install", "audio-separator[cpu]", "librosa"])
subprocess.check_call([str(venv_python), "-m", "pip", "install", "pydub"])
subprocess.check_call([str(venv_python), "-m", "pip", "install", "huggingface-hub[tqdm]"])65/65 vendors flagged this skill as clean.