Low risk — risk score 25/100
Last scan: 1 day ago
Audio-Segmenter
Smart audio slicing tool: supports slicing a single file or a folder recursively, handles the ffmpeg dependency automatically, and preserves the original directory structure.
Audio-slicing skill with legitimate audio-processing functionality, but an undeclared ffmpeg dependency and unpinned pip installations pose minor supply-chain and documentation-mismatch risks.
Skill name: Audio-Segmenter
Analysis time: 43.0s
Engine: pi
Verdict: can be installed
Declare ffmpeg as a required binary in SKILL.md metadata, pin dependency versions, and consider removing the large commented-out PyTorch/GPU installation block to reduce supply-chain risk surface.

Security findings (4)

Severity: Medium
Finding: Undeclared ffmpeg binary dependency (category: documentation deception)
Location: scripts/audio_slicer.py:54
Details: SKILL.md metadata.bins only declares 'python', but audio_slicer.py silently downloads and installs ffmpeg (100-200MB) via ffmpeg-downloader from third-party sites (gyan.dev, johnvansickle, evermeet.cx). This is a doc-to-code mismatch.
Evidence: subprocess.run(["ffdl", "install"], input="Y\n", text=True, check=True)
Recommendation: Add ffmpeg to metadata.bins in SKILL.md or document the auto-download behavior explicitly.

Severity: Medium
Finding: Unpinned dependency installations from third-party mirrors (category: supply chain)
Location: scripts/ensure_package.py:35
Details: ensure_package.py installs 'pydub' and 'ffmpeg-downloader' without version constraints from the Chinese mirror pypi.tuna.tsinghua.edu.cn, exposing users to dependency confusion and typosquatting attacks.
Evidence: subprocess.check_call([sys.executable, "-m", "pip", "install", "--upgrade", pip_pkg, "-i", "https://pypi.tuna.tsinghua.edu.cn/simple", "--quiet"])
Recommendation: Pin exact versions (e.g., pydub==0.25.1) and consider using the primary PyPI index or a trusted mirror.

Severity: Low
Finding: Inactive but present large dependency-installation code block (category: supply chain)
Location: scripts/env_manager.py:50
Details: env_manager.py contains ~100 lines of commented-out code (lines 50-150) that, if uncommented, would install PyTorch (~2-3GB), audio-separator, librosa, and huggingface-hub via unpinned pip from dynamic PyTorch URLs based on GPU detection.
Evidence: # if Path(venv_python).exists() and is_torch_gpu_installed(venv_python): ...
Recommendation: Remove the commented-out block or replace it with a requirements.txt to prevent future misuse.

Severity: Low
Finding: README.md Python version mismatch with code (category: documentation deception)
Location: README.md:4
Details: README.md states 'Python 3.8+' in its badge, but env_manager.py enforces 3.10~3.12 via check_python_version(), creating a minor doc mismatch.
Evidence: Python-3.8%2B-green.svg
Recommendation: Update the README.md Python version badge to 3.10+.
Permission analysis

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Command execution | WRITE | WRITE | ✓ consistent | audio_slicer.py:54 subprocess.run |
| File system | WRITE | WRITE | ✓ consistent | audio_slicer.py:85 makedirs, export calls |
| Network access | NONE | READ | ✗ exceeds declaration | ensure_package.py:50 downloads from pypi.tuna.tsinghua.edu.cn; ffdl install down… |
| Environment variables | NONE | READ | ✓ consistent | env_manager.py:89 checks RUNNING_IN_VENV; env_manager.py:39 checks Python versio… |
External URLs (8 findings, all rated Medium, type: external URL)

| URL | Location |
|---|---|
| https://img.shields.io/badge/License-Apache%202.0-blue.svg | README.md:3 |
| https://opensource.org/licenses/Apache-2.0 | README.md:3 |
| https://img.shields.io/badge/Python-3.8%2B-green.svg | README.md:4 |
| https://www.python.org/ | README.md:4 |
| https://img.shields.io/badge/OpenClaw-Skill-orange.svg | README.md:5 |
| https://pypi.tuna.tsinghua.edu.cn/simple | scripts/ensure_package.py:50 |
| https://download.pytorch.org/whl/cpu | scripts/env_manager.py:148 |
| https://download.pytorch.org/whl/ | scripts/env_manager.py:161 |

Directory structure

8 files · 29.0 KB · 676 lines
Python: 5 files, 557 lines · Markdown: 2 files, 75 lines · Ignore: 1 file, 44 lines
├─ scripts/
│ ├─ audio_slicer.py (Python, 142 lines · 5.9 KB)
│ ├─ config.py (Python, 52 lines · 2.1 KB)
│ ├─ ensure_package.py (Python, 73 lines · 2.8 KB)
│ ├─ env_manager.py (Python, 235 lines · 10.4 KB)
│ └─ logger_manager.py (Python, 55 lines · 2.6 KB)
├─ .gitignore (Ignore, 44 lines · 735 B)
├─ README.md (Markdown, 44 lines · 2.8 KB)
└─ SKILL.md (Markdown, 31 lines · 1.7 KB)

Dependency analysis (3)

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| pydub | unpinned | pypi.tuna.tsinghua.edu.cn | | Installed without version constraint |
| ffmpeg-downloader | unpinned | pypi.tuna.tsinghua.edu.cn | | Installed without version constraint; downloads ffmpeg from gyan.dev/johnvansickle/evermeet.cx |
| ffmpeg | unpinned | third-party binary sites (gyan.dev, johnvansickle, evermeet.cx) | | Not declared in SKILL.md; silently downloaded as a binary |

Security highlights

✓ No credential theft or sensitive data access observed
✓ No obfuscation (no base64, eval, or anti-analysis techniques)
✓ No network exfiltration or C2 communication detected
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No reverse shell, RCE, or persistence mechanisms
✓ Virtual environment isolation (venv) is a positive security practice
✓ Core functionality (audio slicing with pydub) is genuine and matches stated purpose