中文 EN

扫描报告

扫描新文件

可疑 — 风险评分 55/100
上次扫描:1 天前 重新扫描
55 /100
lessac_offline_voice_system
Local voice system for OpenClaw using faster-whisper and Edge TTS
The skill claims 'fully offline' with 'no data leaves your machine,' but actually uses edge-tts which transmits audio/text to Microsoft cloud servers - a significant doc-to-code mismatch indicating potential data exfiltration.
技能名称lessac_offline_voice_system
分析耗时40.8s
引擎pi
谨慎使用
Do not use this skill. It misrepresents its network behavior, sending voice data to Microsoft's servers despite claiming complete offline operation. If a local TTS solution is needed, use a self-hosted Piper TTS instead.

安全发现 4 项

严重性 安全发现 位置
高危
False claim of offline operation 文档欺骗
SKILL.md explicitly states 'Fully offline: No internet connection required' and 'Privacy-focused: All processing happens locally' and 'No data leaves your machine'. However, the implementation uses 'edge-tts' which is Microsoft's cloud TTS service that sends audio text to Microsoft servers.
**Fully offline**: No internet connection required
**Privacy-focused**: All processing happens locally
**No data leaves your machine**.
→ Either remove the edge-tts dependency and use local Piper TTS only, or update documentation to clearly disclose cloud dependency and data transmission.
 SKILL.md:7
高危
Audio data transmitted to Microsoft cloud 数据外泄
The edge-tts package (installed in install.sh:85) makes HTTPS requests to Microsoft servers to generate TTS audio. This means user-provided text and any processed audio is sent to external servers, contradicting the skill's privacy claims.
pip install faster-whisper edge-tts soundfile
→ Remove edge-tts dependency if true offline operation is required. Use only self-hosted Piper TTS.
 scripts/install.sh:85
中危
Unpinned Python package versions 供应链
Python packages are installed without version constraints: 'pip install faster-whisper edge-tts soundfile'. This allows dependency substitution attacks.
pip install faster-whisper edge-tts soundfile
→ Pin versions: pip install faster-whisper==X.Y.Z edge-tts==X.Y.Z soundfile==X.Y.Z
 scripts/install.sh:85
低危
subprocess with shell=True 代码执行
The voice_handler.py uses subprocess.run with shell=True for ffmpeg execution. While ffmpeg commands are typically static, shell=True introduces potential command injection risk if audio filenames are user-controlled.
subprocess.run(cmd, shell=True, check=True)
→ Use subprocess.run with shell=False and pass arguments as a list for safer execution.
 scripts/voice_handler.py:39
资源类型声明权限推断权限状态证据
文件系统 READ WRITE ✓ 一致 install.sh:100 - Creates config files, copies scripts to $INSTALL_DIR
网络访问 NONE WRITE ✗ 越权 SKILL.md claims offline, but edge-tts sends data to Microsoft servers
命令执行 NONE WRITE ✓ 一致 voice_handler.py:39 - Uses subprocess for ffmpeg (documented CLI tool)
5 项发现
🔗
中危 外部 URL 外部 URL
https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/high/en_US-lessac-high.onnx
README.md:75
🔗
中危 外部 URL 外部 URL
https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/lessac/high/en_US-lessac-high.onnx.json
README.md:76
🔗
中危 外部 URL 外部 URL
https://huggingface.co/rhasspy/piper-voices
SKILL.md:165
🔗
中危 外部 URL 外部 URL
https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/ryan/high/en_US-ryan-high.onnx
references/voice_models.md:57
🔗
中危 外部 URL 外部 URL
https://huggingface.co/rhasspy/piper-voices/resolve/v1.0.0/en/en_US/ryan/high/en_US-ryan-high.onnx.json
references/voice_models.md:58

目录结构

8 文件 · 39.9 KB · 1419 行
Markdown 3f · 592L Python 3f · 422L Shell 2f · 405L
├─ 📁 references
│ └─ 📝 voice_models.md Markdown 154L · 4.7 KB
├─ 📁 scripts
│ ├─ 🔧 install.sh Shell 247L · 6.5 KB
│ ├─ 🐍 piper_tts.py Python 109L · 3.5 KB
│ ├─ 🐍 test_skill.py Python 192L · 5.6 KB
│ ├─ 🐍 voice_handler.py Python 121L · 4.2 KB
│ └─ 🔧 voice_integration.sh Shell 158L · 4.4 KB
├─ 📝 README.md Markdown 205L · 5.1 KB
└─ 📝 SKILL.md Markdown 233L · 5.9 KB

依赖分析 3 项

包名版本来源已知漏洞备注
faster-whisper * pip Version not pinned
edge-tts * pip Version not pinned - Microsoft cloud service
soundfile * pip Version not pinned

安全亮点

✓ No evidence of credential harvesting from environment variables
✓ No base64-encoded payloads or obfuscated code
✓ No reverse shell or direct C2 communication detected
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ Python code is readable and auditable
✓ Dependencies come from standard, well-known packages (faster-whisper, piper-tts)