Security audit

火一五 ASR Transcription and Meeting Notes

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed transcription and meeting-notes workflow, with expected cautions around local media processing, optional Hugging Face token use, and output file overwrites.

Install if you are comfortable processing local recordings or terminal logs with these tools. Prefer local transcription for private content, use a virtual environment, provide Hugging Face credentials via environment variables rather than command-line arguments, review any cloud ASR provider before sending audio, and check output paths because MP3 conversion can overwrite existing files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 83%
Finding
The skill instructs use of Hugging Face authentication via `huggingface-cli login` or `HF_TOKEN` for diarization models, introducing credential handling into a transcription workflow. This is dangerous because agents or users may expose tokens in shell history, logs, environment dumps, or downstream outputs, especially when the skill also discusses notes/output packaging and cross-tool execution.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill directs the agent to invoke another skill's script using a workspace path and even a hard-coded local Python executable path, extending behavior from ASR into arbitrary local document generation. This increases risk because cross-skill execution can run unreviewed code, leak local path information, and perform filesystem writes outside the narrowly stated transcription function.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script invokes ffmpeg with the `-y` flag, which forces overwriting the destination file without prompting. If the output path points to an existing file, data can be silently destroyed, which is especially risky in an automation context where paths may be derived from user input or reused across runs.

VirusTotal

64/64 vendors flagged this skill as clean.