Trusted — Risk Score 5/100
Last scan: 19 hr ago
audio-transcribe-summarize
Transcribe audio/video files to text and generate structured summaries using SenseAudio ASR API
Legitimate audio transcription skill with all capabilities properly declared in documentation. No malicious behavior detected.
Skill Name: audio-transcribe-summarize
Duration: 34.1s
Engine: pi
Safe to install
This skill is safe to use. No security concerns identified.

Findings 1 item

Severity: Low
Finding: requests library version not pinned (Supply Chain)
Location: scripts/transcribe.py:29
The transcribe.py script imports requests but does not specify a version constraint. This could lead to unexpected behavior if a new major version with breaking changes is installed.
import requests
→ Consider pinning requests version (e.g., requests>=2.28.0) or using a requirements.txt file.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ,WRITE | READ,WRITE | ✓ Aligned | Reads audio files and writes transcript outputs |
| Network | READ | READ | ✓ Aligned | POSTs to api.senseaudio.cn for transcription |
| Shell | WRITE | WRITE | ✓ Aligned | subprocess.run for ffmpeg/ffprobe on lines 84-91, 108-113 |
| Environment | READ | READ | ✓ Aligned | get_api_key() reads SENSEAUDIO_API_KEY on line 63 |
| Skill Invoke | NONE | NONE | | No skill invocation found |
| Clipboard | NONE | NONE | | No clipboard access found |
| Browser | NONE | NONE | | No browser access found |
| Database | NONE | NONE | | No database access found |
3 findings
| Severity | Finding | URL | Location |
|---|---|---|---|
| Medium | External URL | https://senseaudio.cn/platform/api-key | SKILL.md:14 |
| Medium | External URL | https://ffmpeg.org/download.html | SKILL.md:16 |
| Medium | External URL | https://api.senseaudio.cn/v1/audio/transcriptions | api-reference.md:6 |

File Tree

3 files · 17.1 KB · 523 lines
Python 1f · 296L Markdown 2f · 227L
├─ 📁 scripts
│ └─ 🐍 transcribe.py Python 296L · 10.1 KB
├─ 📝 api-reference.md Markdown 109L · 3.4 KB
└─ 📝 SKILL.md Markdown 118L · 3.6 KB

Dependencies 2 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Version not pinned, minor risk |
| ffmpeg | system | system | No | External binary, declared in SKILL.md |

Security Positives

✓ All functionality fully declared in SKILL.md with clear documentation
✓ Network calls go only to declared API endpoint (api.senseaudio.cn)
✓ Shell execution limited to ffmpeg/ffprobe for legitimate audio processing
✓ API key usage is scoped to authentication with the declared service only
✓ No credential harvesting beyond legitimate API authentication
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No data exfiltration beyond intended API transcription service
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)
✓ Clean, readable code with proper error handling