Skill v1.1.0

ClawScan security

Crazyrouter Stt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 10, 2026, 1:07 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it says (upload local audio to Crazyrouter for Whisper transcription) but registry metadata omits the required API key and the runtime allows overriding the API endpoint — these inconsistencies reduce trust.
Guidance
This skill's code looks consistent with a transcription helper: it reads a local audio file and posts it to Crazyrouter using CRAZYROUTER_API_KEY. However, the registry metadata did not declare that an API key is required while the SKILL.md and script do — that's an inconsistency you should ask the publisher to fix before trusting the package. Before installing: (1) confirm the CRAZYROUTER_API_KEY is from a legitimate Crazyrouter account and understand their privacy/retention policies, (2) be cautious with sensitive audio since the script uploads it to a remote API, (3) note the CRAZYROUTER_BASE_URL env var can redirect where audio is sent — avoid setting it to unknown endpoints, and (4) if you don't trust the source, run the script in an isolated environment or review the code yourself. If the publisher updates the registry metadata to declare the required env vars, confidence would increase.

Review Dimensions

Purpose & Capability
note: The code and SKILL.md implement speech-to-text via a Crazyrouter API and require an API key, which matches the declared purpose. However, the registry metadata lists no required environment variables, while the SKILL.md and script both require CRAZYROUTER_API_KEY (and optionally CRAZYROUTER_BASE_URL); this is an inconsistency.
Instruction Scope
ok: Instructions limit actions to reading the specified input file, forming a multipart request, and POSTing to the Crazyrouter audio transcription/translation endpoints. The script does not attempt to read unrelated files or environment variables beyond the API key and the optional base URL.
Install Mechanism
ok: No install spec or remote downloads; the skill is delivered as two local files (SKILL.md and scripts/main.mjs). Nothing is fetched from untrusted URLs or executed by the install process.
Credentials
concern: The script requires CRAZYROUTER_API_KEY (and reads CRAZYROUTER_BASE_URL if set). Those variables are proportionate to the stated purpose, but the registry metadata does not declare them, meaning users may not be warned that they are providing a secret. The presence of CRAZYROUTER_BASE_URL allows uploads to be redirected to a custom endpoint, which could exfiltrate audio if misused.
Persistence & Privilege
ok: The always flag is false and the skill does not request permanent or system-wide privileges. It does not modify other skills or system configs.