Back to skill
Skillv1.2.0
ClawScan security
Asr Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 9, 2026, 5:48 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, runtime instructions, and required environment are coherent with an on‑premises ASR service: nothing requested is disproportionate to its stated purpose, but you should harden deployment (network/model download and unauthenticated endpoints).
- Guidance
- This skill appears to do what it claims (local ASR using Qwen3-ASR). Before installing: 1) Restrict network access or run behind a firewall if you do not want automatic model downloads or remote access; the first run may download ~6GB from Hugging Face. 2) Do not expose the HTTP endpoints (/transcribe, /align, /webhook) to the public internet without adding authentication and rate limits — the webhook and APIs in the source have no auth. 3) Verify MODEL_NAME and model source you trust (avoid untrusted mirrors). 4) Monitor disk/memory usage (models are large) and adjust BATCH_SIZE, MAX_NEW_TOKENS, and thread params as needed. 5) If you require stricter privacy guarantees, confirm network egress and any telemetry from dependencies (e.g., huggingface_hub) are acceptable. Installing/running on an isolated machine or behind an API gateway is recommended.
Review Dimensions
- Purpose & Capability
- okName/description (Qwen ASR dialect recognizer) match the code and files: an Express server invoking a Python ASR backend using a Qwen3-ASR model. Required binaries (node, python3) and env vars (MODEL_NAME, DEVICE, DTYPE, PORT, HOST) are appropriate for this functionality.
- Instruction Scope
- noteSKILL.md and code limit behavior to receiving audio, running local inference, returning text, and deleting temporary files. Two operational notes: the /webhook and HTTP APIs are implemented without authentication in the provided source (no token/verification), and some environment variables referenced in code/docs (PYTHON_PATH, CACHE_DIR, ENABLE_FORCED_ALIGNER, MAX_NEW_TOKENS, BATCH_SIZE) are not listed in the 'required' metadata — callers/operator must configure them. Also the server may download model weights from Hugging Face at first run (network activity).
- Install Mechanism
- okThere is no opaque remote install URL; dependencies are standard (npm, pip). Model artifacts are fetched from Hugging Face (or a mirror if configured) which is expected for model-based skills. No extract-from-arbitrary-URL installers or shorteners are present.
- Credentials
- noteDeclared required env vars are minimal and appropriate. The code and docs also reference additional optional envs (PYTHON_PATH, CACHE_DIR, HF_ENDPOINT, ENABLE_FORCED_ALIGNER, etc.) and runtime config (MAX_NEW_TOKENS, BATCH_SIZE). No secrets or third‑party API tokens are required by the skill itself, which is proportionate.
- Persistence & Privilege
- okSkill is not forced-always or otherwise privileged. It does not modify other skills or global agent settings. It runs as a standalone service and cleans uploaded files after processing.