中文 EN

扫描报告

扫描新文件

可信 — 风险评分 0/100
上次扫描:17 小时前 重新扫描
0 /100
qwen-asr
离线中文语音识别(纯 C 实现)
Legitimate offline Chinese ASR skill with fully declared shell execution, model downloads, and FFmpeg audio preprocessing. No credential access, obfuscation, or exfiltration observed.
技能名称qwen-asr
分析耗时26.0s
引擎pi
可以安装
No action needed. The skill is a clean ASR wrapper with no security concerns.
资源类型声明权限推断权限状态证据
文件系统 READ READ ✓ 一致 scripts/run.sh:69 - reads audio input
文件系统 WRITE WRITE ✓ 一致 scripts/run.sh:53 - mktemp for temp WAV
网络访问 READ READ ✓ 一致 SKILL.md:42 - model download declared; refs/README.md:6 - HuggingFace URLs
命令执行 WRITE WRITE ✓ 一致 scripts/run.sh:1 - bash shebang; line 69 - ffmpeg; line 75 - qwen_asr binary
2 项发现
🔗
中危 外部 URL 外部 URL
https://huggingface.co/antirez/qwen3-asr-0.6b
references/README.md:6
🔗
中危 外部 URL 外部 URL
https://huggingface.co/antirez/qwen3-asr-1.7b
references/README.md:6

目录结构

3 文件 · 5.7 KB · 236 行
Markdown 2f · 139L Shell 1f · 97L
├─ 📁 references
│ └─ 📝 README.md Markdown 71L · 1.8 KB
├─ 📁 scripts
│ └─ 🔧 run.sh Shell 97L · 2.3 KB
└─ 📝 SKILL.md Markdown 68L · 1.5 KB

安全亮点

✓ No credential harvesting - does not access ~/.ssh, ~/.aws, .env, or environment variables for secrets
✓ No obfuscation - plain bash script, no base64/eval
✓ No C2/exfiltration - all operations are local audio processing
✓ Network access explicitly declared in SKILL.md (model download phase)
✓ No remote script execution (curl|bash/wget|sh)
✓ Proper temp file cleanup (rm -f $TEMP_WAV)
✓ Uses safe temp file creation with mktemp
✓ Model download prompts user manually instead of auto-downloading