ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SenseVoice Transcribe

v1.0.0

Transcribe audio files (WAV/MP3/M4A/FLAC) to timestamped text using SenseVoice-Small + FSMN-VAD. Supports single-file and batch mode with VAD-anchored per-se...

0· 230·0 current·0 all-time
by@ylongw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (SenseVoice transcribe) match the included instructions and the batch_transcribe.py implementation: model loading, VAD segmentation, timestamp mapping, file collection, and transcript output are all relevant and expected. Required packages (funasr, modelscope, onnxruntime) and model downloads are proportionate to on-device transcription.
Instruction Scope
SKILL.md and the script operate on a 'daylog' directory (raw/ → transcripts/) and include expected behaviors (dry-run, re-transcribe, indexed outputs). The script can delete transcripts with --force-dates and can POST to a Discord webhook if the user provides one; both are documented CLI options. These behaviors are within the stated purpose but are powerful (deletion, external webhook) and should be used with care.
Install Mechanism
No install spec in the registry (instruction-only), and SKILL.md recommends creating a Python venv and pip installing specific packages. This is a standard, low-risk approach for a Python-based transcription tool. Models are auto-downloaded from ModelScope as described.
Credentials
The skill requests no environment variables or credentials. The only network interaction is optional and user-supplied (Discord webhook URL) and model downloads from ModelScope on first run — both are consistent with purpose and proportionate.
Persistence & Privilege
The skill is not forced-always and uses default autonomous invocation settings. It does write transcripts and an optional progress file and can delete files when --force-dates is used; these are normal for a batch-processing tool and are limited to its working directories.
Assessment
This skill appears coherent for local batch transcription. Before running: (1) review and run it inside an isolated venv as documented; (2) confirm the script will be pointed at the correct daylog directory (it writes to and may delete files there with --force-dates); (3) only supply a Discord webhook URL you control — the webhook is optional and would allow the script to send status messages; (4) be aware models (~234MB + VAD) will be downloaded from ModelScope on first run and that the script will write progress files where you point PROGRESS_FILE; (5) back up any existing transcripts before using --force-dates. If you want extra assurance, inspect the full script run (stdout/logs) during a dry-run and search the file for any additional network calls or subprocess usage not covered in the visible code.

Like a lobster shell, security has layers — review code before you run it.

latestvk973bgjfyy762q4g4fyg5bzspx82szaq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments