Trusted — Risk Score 5/100
Last scan: 2 days ago
oasis-audio
AI audio narration generator that reads local conversation history and sends composed anonymized text prompts to xplai.ai for audio generation
Oasis Audio is a well-designed audio generation skill with strong data-safety controls, explicit content sanitization, and no evidence of credential harvesting, remote code execution, or data exfiltration beyond its declared API endpoint.
Skill Name: oasis-audio
Duration: 36.9s
Engine: pi
Safe to install
Approve for use. No security concerns require mitigation.

Findings 2 items

Severity: Low
Finding: Audit log write not declared in SKILL.md
Location: xplai_gen_audio.py:44
xplai_gen_audio.py writes an audit.log file locally. SKILL.md declares filesystem:READ only. The write is benign (local, on-demand, debug-optional), but not documented.
    with open(AUDIT_LOG_PATH, 'a', encoding='utf-8') as f:
→ Add 'filesystem:WRITE' for audit.log or gate writes behind a flag to avoid local filesystem side effects.

Severity: Low
Finding: Network scope wording mismatch
Location: SKILL.md:158
SKILL.md describes network access as HTTPS requests (read-like framing) but the actual operation is POST/GET which sends data. Declared 'READ' but operates as 'WRITE' for the audio generation step.
    Network: HTTPS requests to xplai.ai only
→ Clarify that the skill sends composed text prompts to xplai.ai (network:WRITE) rather than reading from it.

Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ+WRITE | ✓ Aligned | xplai_gen_audio.py:44 - AUDIT_LOG_PATH write; debug_utils.py debug logging
Network | READ | WRITE | ✓ Aligned | xplai_gen_audio.py:75 - POST requests send text payload to xplai.ai; SKILL.md co…
Shell | NONE | NONE | | No subprocess, os.system, or shell execution found
Environment | NONE | NONE | | No os.environ iteration or credential access
Skill Invoke | NONE | NONE | | No nested skill invocation
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | NONE | NONE | | No database access

3 findings
Medium | External URL | https://eagle-api.xplai.ai | SKILL.md:3
Medium | External URL | https://www.xplai.ai/ | SKILL.md:26
Medium | External URL | https://www.xplai.ai/#/video/ | xplai_status.py:55

File Tree

7 files · 47.4 KB · 1063 lines
Python 4f · 683L Markdown 3f · 380L
├─ 📝 audio_modes.md Markdown 45L · 3.0 KB
├─ 🐍 context_collector.py Python 393L · 12.9 KB
├─ 🐍 debug_utils.py Python 52L · 1.4 KB
├─ 📝 SKILL.md Markdown 200L · 11.5 KB
├─ 📝 text_architecture.md Markdown 135L · 10.3 KB
├─ 🐍 xplai_gen_audio.py Python 154L · 5.4 KB
└─ 🐍 xplai_status.py Python 84L · 2.9 KB

Dependencies 1 item

Package | Version | Source | Known Vulns | Notes
Python stdlib only | N/A | stdlib | No | Uses only http.client, json, re, pathlib, datetime, argparse; no third-party packages

Security Positives

✓ Active content sanitization: SENSITIVE_PATTERNS regexes block API keys, passwords, SSH keys, Bearer tokens, emails, and file paths from being sent to the API
✓ Strict data scoping: Only composed text prompts (anonymized ~1000 chars) are transmitted; raw conversation history, session files, and USER.md are never sent externally
✓ No credential access: No API key storage, no environment variable enumeration, no ~/.ssh or ~/.aws path access
✓ No shell execution: No subprocess, os.system, eval, base64 piping, or curl|bash patterns found anywhere
✓ Sensitive scene classification: Health, financial, legal, and relationship topics extract emotional tone only — specifics are never quoted
✓ Local-only context collection: context_collector.py operates entirely on-device with read-only session access
✓ No third-party telemetry or analytics
✓ No hardcoded secrets or embedded tokens in any file
✓ Version-agnostic stdlib-only dependencies (http.client, json, re, pathlib)