openclaw-mlx-audio 安全扫描报告 — 低风险 | ClawSafe

8 /100

openclaw-mlx-audio

Local TTS/STT integration for OpenClaw using mlx-audio - Zero API keys, Zero cloud dependency

A legitimate local TTS/STT plugin for Apple Silicon with no malicious behavior detected; shell and filesystem access is limited to documented CLI tool execution for mlx-audio.

技能名称openclaw-mlx-audio

分析耗时47.8s

引擎pi

✓

可以安装

Approve for use. Consider pinning uv version in install.sh for reproducibility, but no security action required.

安全发现 3 项

严重性	安全发现	位置
低危	curl\|sh pattern in install.sh install.sh line 38 uses 'curl -LsSf https://astral.sh/uv/install.sh \| sh' to install the uv package manager. This is the official and documented installation method for uv (Astral's Python package manager). No alternative offline method is available for uv. `curl -LsSf https://astral.sh/uv/install.sh \| sh` → Document this as a required bootstrap step. Consider adding a hash verification for the install script or offering a manual install path for air-gapped environments.	`install.sh:38`
低危	Python HTTP servers bound to localhost python-runtime/tts_server.py and stt_server.py create local HTTP servers on 127.0.0.1 ports 19280/19290. These are not exposed externally and are scoped to local plugin use only. `parser.add_argument("--host", default="127.0.0.1")` → No action needed. Binding to localhost is the correct default for local-only services.	`python-runtime/tts_server.py:127`
提示	uv tool install without version pinning install.sh runs 'uv tool install --force mlx-audio --prerelease=allow' without specifying a version. The --prerelease flag may pull unstable builds. `uv tool install --force mlx-audio --prerelease=allow` → Pin to a specific version tag or commit for reproducible builds, e.g., uv tool install [email protected].	`install.sh:43`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✓ 一致	src/index.ts:12,166,177 — fs.mkdirSync, fs.existsSync, fs.readFileSync used for …
命令执行	`WRITE`	`WRITE`	✓ 一致	src/index.ts:14 — execSync and spawn used to invoke documented mlx-audio CLI bin…
网络访问	`NONE`	`NONE`	—	TTS/STT servers bind to 127.0.0.1 only; no outbound network calls from plugin co…
环境变量	`NONE`	`READ`	✓ 一致	python-runtime/tts_server.py:18-19 and stt_server.py:17-18 — os.getenv for TTS_M…

2 严重 7 项发现

💀

严重危险命令危险 Shell 命令

curl -LsSf https://astral.sh/uv/install.sh | sh

README.md:79

💀

严重危险命令危险 Shell 命令

rm -rf ~

README.md:172

🔗

中危外部 URL 外部 URL

https://discord.gg/clawd

COMPLETION_REPORT.md:108

🔗

中危外部 URL 外部 URL

https://clawhub.ai/gandli/openclaw-mlx-audio

DISCORD_TEST_RESULTS.md:152

🔗

中危外部 URL 外部 URL

https://astral.sh/uv/install.sh

README.md:79

🔗

中危外部 URL 外部 URL

https://docs.openclaw.ai

README.md:244

🔗

中危外部 URL 外部 URL

https://clawhub.ai

README.md:244

目录结构

27 文件 · 97.6 KB · 3703 行

Markdown 13f · 2130L TypeScript 4f · 474L Python 2f · 354L JavaScript 2f · 350L Shell 3f · 225L JSON 3f · 170L

├─ ▾ 📁 dist

│ ├─ 📜 index.d.ts TypeScript 9L · 305 B

│ ├─ 📜 index.js JavaScript 346L · 12.5 KB

│ ├─ 📜 types.d.ts TypeScript 24L · 655 B

│ └─ 📜 types.js JavaScript 4L · 88 B

├─ ▾ 📁 python-runtime

│ ├─ 🐍 stt_server.py Python 200L · 6.0 KB

│ └─ 🐍 tts_server.py Python 154L · 4.8 KB

├─ ▾ 📁 scripts

│ └─ 🔧 auto-improve.sh Shell 66L · 2.0 KB

├─ ▾ 📁 skills

│ └─ ▾ 📁 openclaw-mlx-audio

│ └─ 📝 SKILL.md Markdown 176L · 3.2 KB

├─ ▾ 📁 src

│ ├─ 📜 index.ts TypeScript 414L · 10.9 KB

│ └─ 📜 types.ts TypeScript 27L · 587 B

├─ ▾ 📁 test

│ └─ 🔧 run_tests.sh Shell 99L · 3.3 KB

├─ 📝 AUTORESEARCH_PLAN.md Markdown 77L · 2.1 KB

├─ 📝 COMPLETION_REPORT.md Markdown 116L · 3.2 KB

├─ 📝 DISCORD_TEST_PLAN.md Markdown 147L · 3.9 KB

├─ 📝 DISCORD_TEST_RESULTS.md Markdown 152L · 3.8 KB

├─ 🔧 install.sh Shell 60L · 1.6 KB

├─ 📋 openclaw.plugin.json JSON 92L · 3.0 KB

├─ 📋 package.json JSON 57L · 1.3 KB

├─ 📝 PROGRESS_REPORT.md Markdown 115L · 2.7 KB

├─ 📝 README.md Markdown 250L · 6.2 KB

├─ 📝 RELEASE_CHECKLIST.md Markdown 152L · 4.2 KB

├─ 📝 RELEASE_READY.md Markdown 261L · 5.5 KB

├─ 📝 SKILL.md Markdown 176L · 3.2 KB

├─ 📝 TASK_SUMMARY.md Markdown 91L · 2.3 KB

├─ 📝 TEST_PLAN.md Markdown 230L · 4.7 KB

├─ 📋 tsconfig.json JSON 21L · 518 B

└─ 📝 USING_AUTORESEARCH.md Markdown 187L · 5.1 KB

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`mlx-audio`	`unpinned`	uv tool install	否	Installed via 'uv tool install --prerelease=allow' without version pin
`ffmpeg`	`unpinned`	brew/apt-get/dnf	否	System package manager handles versioning
`uv`	`unpinned`	curl\|sh	否	Official Astral installer, no version pin

安全亮点

✓ No credential harvesting — no access to ~/.ssh, ~/.aws, .env, or any secrets

✓ No data exfiltration — all audio processing is local, no POSTs to external IPs

✓ No base64/eval/atob deobfuscation — no hidden code execution patterns

✓ No reverse shell or C2 communication — no suspicious network behavior

✓ Subprocess calls are constrained to documented mlx-audio CLI binaries with hardcoded argument arrays

✓ Python servers bind exclusively to 127.0.0.1 (localhost), not exposed externally

✓ The plugin is well-documented with clear architecture and no hidden functionality

✓ No hidden instructions in HTML comments or documentation

✓ Filesystem writes are scoped to /tmp directory only, not user home directory