Scan Report
0 /100
qwen-asr
离线中文语音识别(纯 C 实现)
Legitimate offline Chinese ASR skill with fully declared shell execution, model downloads, and FFmpeg audio preprocessing. No credential access, obfuscation, or exfiltration observed.
Safe to install
No action needed. The skill is a clean ASR wrapper with no security concerns.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | scripts/run.sh:69 - reads audio input |
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/run.sh:53 - mktemp for temp WAV |
| Network | READ | READ | ✓ Aligned | SKILL.md:42 - model download declared; refs/README.md:6 - HuggingFace URLs |
| Shell | WRITE | WRITE | ✓ Aligned | scripts/run.sh:1 - bash shebang; line 69 - ffmpeg; line 75 - qwen_asr binary |
2 findings
Medium External URL 外部 URL
https://huggingface.co/antirez/qwen3-asr-0.6b references/README.md:6 Medium External URL 外部 URL
https://huggingface.co/antirez/qwen3-asr-1.7b references/README.md:6 File Tree
3 files · 5.7 KB · 236 lines Markdown 2f · 139L
Shell 1f · 97L
├─
▾
references
│ └─
README.md
Markdown
├─
▾
scripts
│ └─
run.sh
Shell
└─
SKILL.md
Markdown
Security Positives
✓ No credential harvesting - does not access ~/.ssh, ~/.aws, .env, or environment variables for secrets
✓ No obfuscation - plain bash script, no base64/eval
✓ No C2/exfiltration - all operations are local audio processing
✓ Network access explicitly declared in SKILL.md (model download phase)
✓ No remote script execution (curl|bash/wget|sh)
✓ Proper temp file cleanup (rm -f $TEMP_WAV)
✓ Uses safe temp file creation with mktemp
✓ Model download prompts user manually instead of auto-downloading