v1.0.0

xiaoyuzhou-asr

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:27 PM.

Analysis

The skill appears to do the advertised local podcast transcription, but it relies on Xiaoyuzhou account tokens and third-party local tools that users should trust before use.

Guidance: Before installing, make sure you trust the xyz API server, qwen3-asr-rs, the Hugging Face model download, and your local ffmpeg/ASR binaries. Keep Xiaoyuzhou tokens private, prefer localhost for the API server, and delete temporary audio/transcript files if they contain content you do not want retained.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium
Confidence: High
Status: Note
SKILL.md
git clone https://github.com/ultrazg/xyz.git && cd xyz && go run . ... git clone https://github.com/alan890104/qwen3-asr-rs.git && cd qwen3-asr-rs

Setup depends on running/building external repositories without pinned commits or checksums. This is disclosed and aligned with the skill's purpose, but it is a supply-chain trust point.

User impact: Future changes or compromise of those third-party projects could affect what code runs locally during setup or transcription.
Recommendation: Review the repositories, pin trusted commits or releases where possible, and build/run them in a least-privilege environment.

Unexpected Code Execution
Severity: Low
Confidence: High
Status: Note
scripts/transcribe_podcast.py
cmd = ["ffmpeg", "-y", "-i", str(input_path), ...]; subprocess.run(cmd, capture_output=True, text=True)

The script invokes local binaries such as ffmpeg/ffprobe and the configured ASR executable. This is expected for audio conversion/transcription, but it means the skill executes local tools on downloaded media.

User impact: Using an untrusted ASR binary or outdated media tooling could run unwanted code or mishandle downloaded audio files.
Recommendation: Use trusted binary paths, keep ffmpeg updated, and avoid pointing the script at executables from unknown sources.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium
Confidence: High
Status: Note
SKILL.md
Store in env: `XYZ_ACCESS_TOKEN`, `XYZ_REFRESH_TOKEN`; Prompt user to login if no valid token

The skill expects Xiaoyuzhou/Jike access and refresh tokens. This is needed for the stated API integration, but those credentials can access the user's account through the xyz API.

User impact: If the token is exposed or sent to an untrusted API server, someone could use it to access account-linked Xiaoyuzhou data or actions available to that token.
Recommendation: Use tokens only with a trusted local xyz server, keep them out of shared logs, and revoke or rotate them if exposed.