火一五 ASR 转写与纪要
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, a chosen output file could be overwritten during conversion.
The helper runs a local ffmpeg command and overwrites the chosen output path with `-y`; this is central to media conversion but is still local command/file-write authority.
ffmpeg -y -i "$1" -vn -acodec libmp3lame -q:a 2 "$2"
Run it only on files you intend to process and choose a new output path or back up important files first.
Installing these packages may download large dependencies and model files from external sources.
The skill directs unpinned third-party package installs and model downloads for Whisper/WhisperX; this is expected for ASR but the dependency versions and provenance are not locked by the artifact.
pip install openai-whisper ... pip install whisperx
Use a virtual environment, install from official package sources, and pin/review versions if you need reproducible or high-trust deployments.
A Hugging Face token may grant account/model access if leaked.
Optional speaker diarization uses a Hugging Face token. This is purpose-aligned and not printed by the script, but it is credential handling and can be exposed if passed on the command line.
parser.add_argument("--hf_token", default=None, help="HuggingFace Token..."); hf_token = args.hf_token or os.environ.get("HF_TOKEN", None)Prefer `HF_TOKEN` in a local environment variable over a command-line argument, use least-privileged tokens, and revoke tokens if exposed.
Private recordings or terminal-session content could leave the local machine if cloud ASR is selected.
The skill permits cloud ASR with a user-specified API, which may transmit audio/video content externally; the artifact discloses this and warns about privacy.
云端 ASR:若用户明确要求或本地不可用,使用用户指定的 API;须注意隐私与合规。
Use local transcription for sensitive material, and only use cloud ASR providers you trust and have permission to share the content with.