openclaw-mlx-audio Security Report — Low Risk | ClawSafe

8 /100

openclaw-mlx-audio

Local TTS/STT integration for OpenClaw using mlx-audio - Zero API keys, Zero cloud dependency

A legitimate local TTS/STT plugin for Apple Silicon with no malicious behavior detected; shell and filesystem access is limited to documented CLI tool execution for mlx-audio.

Skill Nameopenclaw-mlx-audio

Duration47.8s

Enginepi

✓

Safe to install

Approve for use. Consider pinning uv version in install.sh for reproducibility, but no security action required.

Findings 3 items

Severity	Finding	Location
Low	curl\|sh pattern in install.sh install.sh line 38 uses 'curl -LsSf https://astral.sh/uv/install.sh \| sh' to install the uv package manager. This is the official and documented installation method for uv (Astral's Python package manager). No alternative offline method is available for uv. `curl -LsSf https://astral.sh/uv/install.sh \| sh` → Document this as a required bootstrap step. Consider adding a hash verification for the install script or offering a manual install path for air-gapped environments.	`install.sh:38`
Low	Python HTTP servers bound to localhost python-runtime/tts_server.py and stt_server.py create local HTTP servers on 127.0.0.1 ports 19280/19290. These are not exposed externally and are scoped to local plugin use only. `parser.add_argument("--host", default="127.0.0.1")` → No action needed. Binding to localhost is the correct default for local-only services.	`python-runtime/tts_server.py:127`
Info	uv tool install without version pinning install.sh runs 'uv tool install --force mlx-audio --prerelease=allow' without specifying a version. The --prerelease flag may pull unstable builds. `uv tool install --force mlx-audio --prerelease=allow` → Pin to a specific version tag or commit for reproducible builds, e.g., uv tool install [email protected].	`install.sh:43`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✓ Aligned	src/index.ts:12,166,177 — fs.mkdirSync, fs.existsSync, fs.readFileSync used for …
Shell	`WRITE`	`WRITE`	✓ Aligned	src/index.ts:14 — execSync and spawn used to invoke documented mlx-audio CLI bin…
Network	`NONE`	`NONE`	—	TTS/STT servers bind to 127.0.0.1 only; no outbound network calls from plugin co…
Environment	`NONE`	`READ`	✓ Aligned	python-runtime/tts_server.py:18-19 and stt_server.py:17-18 — os.getenv for TTS_M…

2 Critical 7 findings

💀

Critical Dangerous Command 危险 Shell 命令

curl -LsSf https://astral.sh/uv/install.sh | sh

README.md:79

💀

Critical Dangerous Command 危险 Shell 命令

rm -rf ~

README.md:172

🔗

Medium External URL 外部 URL

https://discord.gg/clawd

COMPLETION_REPORT.md:108

🔗

Medium External URL 外部 URL

https://clawhub.ai/gandli/openclaw-mlx-audio

DISCORD_TEST_RESULTS.md:152

🔗

Medium External URL 外部 URL

https://astral.sh/uv/install.sh

README.md:79

🔗

Medium External URL 外部 URL

https://docs.openclaw.ai

README.md:244

🔗

Medium External URL 外部 URL

https://clawhub.ai

README.md:244

File Tree

27 files · 97.6 KB · 3703 lines

Markdown 13f · 2130L TypeScript 4f · 474L Python 2f · 354L JavaScript 2f · 350L Shell 3f · 225L JSON 3f · 170L

├─ ▾ 📁 dist

│ ├─ 📜 index.d.ts TypeScript 9L · 305 B

│ ├─ 📜 index.js JavaScript 346L · 12.5 KB

│ ├─ 📜 types.d.ts TypeScript 24L · 655 B

│ └─ 📜 types.js JavaScript 4L · 88 B

├─ ▾ 📁 python-runtime

│ ├─ 🐍 stt_server.py Python 200L · 6.0 KB

│ └─ 🐍 tts_server.py Python 154L · 4.8 KB

├─ ▾ 📁 scripts

│ └─ 🔧 auto-improve.sh Shell 66L · 2.0 KB

├─ ▾ 📁 skills

│ └─ ▾ 📁 openclaw-mlx-audio

│ └─ 📝 SKILL.md Markdown 176L · 3.2 KB

├─ ▾ 📁 src

│ ├─ 📜 index.ts TypeScript 414L · 10.9 KB

│ └─ 📜 types.ts TypeScript 27L · 587 B

├─ ▾ 📁 test

│ └─ 🔧 run_tests.sh Shell 99L · 3.3 KB

├─ 📝 AUTORESEARCH_PLAN.md Markdown 77L · 2.1 KB

├─ 📝 COMPLETION_REPORT.md Markdown 116L · 3.2 KB

├─ 📝 DISCORD_TEST_PLAN.md Markdown 147L · 3.9 KB

├─ 📝 DISCORD_TEST_RESULTS.md Markdown 152L · 3.8 KB

├─ 🔧 install.sh Shell 60L · 1.6 KB

├─ 📋 openclaw.plugin.json JSON 92L · 3.0 KB

├─ 📋 package.json JSON 57L · 1.3 KB

├─ 📝 PROGRESS_REPORT.md Markdown 115L · 2.7 KB

├─ 📝 README.md Markdown 250L · 6.2 KB

├─ 📝 RELEASE_CHECKLIST.md Markdown 152L · 4.2 KB

├─ 📝 RELEASE_READY.md Markdown 261L · 5.5 KB

├─ 📝 SKILL.md Markdown 176L · 3.2 KB

├─ 📝 TASK_SUMMARY.md Markdown 91L · 2.3 KB

├─ 📝 TEST_PLAN.md Markdown 230L · 4.7 KB

├─ 📋 tsconfig.json JSON 21L · 518 B

└─ 📝 USING_AUTORESEARCH.md Markdown 187L · 5.1 KB

Dependencies 3 items

Package	Version	Source	Known Vulns	Notes
`mlx-audio`	`unpinned`	uv tool install	No	Installed via 'uv tool install --prerelease=allow' without version pin
`ffmpeg`	`unpinned`	brew/apt-get/dnf	No	System package manager handles versioning
`uv`	`unpinned`	curl\|sh	No	Official Astral installer, no version pin

Security Positives

✓ No credential harvesting — no access to ~/.ssh, ~/.aws, .env, or any secrets

✓ No data exfiltration — all audio processing is local, no POSTs to external IPs

✓ No base64/eval/atob deobfuscation — no hidden code execution patterns

✓ No reverse shell or C2 communication — no suspicious network behavior

✓ Subprocess calls are constrained to documented mlx-audio CLI binaries with hardcoded argument arrays

✓ Python servers bind exclusively to 127.0.0.1 (localhost), not exposed externally

✓ The plugin is well-documented with clear architecture and no hidden functionality

✓ No hidden instructions in HTML comments or documentation

✓ Filesystem writes are scoped to /tmp directory only, not user home directory

Scan Report

Findings 3 items

File Tree

Dependencies 3 items

Security Positives