Suspicious — Risk Score 50/100
Last scan: 1 day ago
melo-tts-metadata-creator
MeloTTS metadata.list generation tool for training/fine-tuning with Whisper auto-transcription
Skill silently installs multiple undeclared Python packages (torch, whisper, audio-separator, librosa) and executes shell commands (nvidia-smi, pip install) without disclosure in SKILL.md documentation.
Skill Name: melo-tts-metadata-creator
Duration: 53.5s
Engine: pi
Use with caution
Add explicit declarations for all package installations, subprocess usage, network access to PyTorch/pypi mirrors, and virtual environment setup to SKILL.md. Alternatively, split installation into a separate documented pre-requisite step.

Findings 5 items

Severity: Medium
Finding: Undeclared silent package installation (Doc Mismatch)
SKILL.md metadata declares only 'python' as required bin, but generate_metadata_list.py:18-20 silently installs openai-whisper, torch, torchaudio via ensure_package.pip() without user consent or documentation.
    ensure_package.pip("openai-whisper")
    ensure_package.pip("torch")
    ensure_package.pip("torchaudio")
→ Document all required packages explicitly in SKILL.md or move installation to a documented pre-install step.
Location: scripts/generate_metadata_list.py:18

Severity: Medium
Finding: Undeclared subprocess shell execution (Doc Mismatch)
env_manager.py executes multiple shell commands via subprocess (nvidia-smi, pip install) to set up virtual environment and install dependencies. This is essential functionality not mentioned in SKILL.md.
    subprocess.check_call([str(venv_python), "-m", "pip", "install", "--upgrade", "pip"])
→ Document subprocess/shell usage and the virtual environment setup process in SKILL.md.
Location: scripts/env_manager.py:79

Severity: Medium
Finding: Undeclared extensive package dependencies (Doc Mismatch)
env_manager.py lines 188-194 install audio-separator, librosa, pydub, huggingface-hub[tqdm] - 4+ additional packages not declared anywhere.
    subprocess.check_call([str(venv_python), "-m", "pip", "install", "audio-separator[gpu]", "librosa"])
→ Document all dependencies or remove unnecessary packages.
Location: scripts/env_manager.py:188

Severity: Low
Finding: Unpinned package versions (Supply Chain)
All pip installs in ensure_package.py and env_manager.py use unpinned versions (*). This can lead to supply chain attacks via dependency confusion or typosquatting on future updates.
    subprocess.check_call([sys.executable, "-m", "pip", "install", "--upgrade", pip_pkg, ...])
→ Pin package versions to known-good hashes or specific versions.
Location: scripts/ensure_package.py:45

Severity: Low
Finding: Undeclared network access for model downloads (Doc Mismatch)
Whisper model downloads to ./models/ directory (generate_metadata_list.py:47) and PyTorch wheels from external URLs (env_manager.py:148,161) are not disclosed.
    model = whisper.load_model("base", download_root=str(local_models_dir))
→ Document model download behavior and network usage.
Location: scripts/generate_metadata_list.py:47

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | WRITE | ✗ Violation | scripts/config.py:20 creates LOG_DIR.parent.mkdir |
| Shell | NONE | WRITE | ✗ Violation | scripts/env_manager.py:79 subprocess.check_call pip install |
| Network | NONE | READ | ✗ Violation | scripts/env_manager.py:148 downloads from pytorch.org |
| Environment | NONE | READ | ✗ Violation | scripts/env_manager.py:45 reads os.getenv(RUNNING_IN_VENV) |
| Skill Invoke | NONE | WRITE | ✗ Violation | scripts/generate_metadata_list.py:18 ensure_package.pip() auto-installs |

3 findings
Medium External URL
https://pypi.tuna.tsinghua.edu.cn/simple
scripts/ensure_package.py:50
Medium External URL
https://download.pytorch.org/whl/cpu
scripts/env_manager.py:148
Medium External URL
https://download.pytorch.org/whl/
scripts/env_manager.py:161

File Tree

8 files · 32.2 KB · 861 lines
Python 5f · 567L Markdown 2f · 254L Ignore 1f · 40L
├─ 📁 scripts
│ ├─ 🐍 config.py Python 52L · 2.1 KB
│ ├─ 🐍 ensure_package.py Python 73L · 2.8 KB
│ ├─ 🐍 env_manager.py Python 235L · 10.3 KB
│ ├─ 🐍 generate_metadata_list.py Python 152L · 6.1 KB
│ └─ 🐍 logger_manager.py Python 55L · 2.6 KB
├─ 📄 .gitignore Ignore 40L · 359 B
├─ 📝 README.md Markdown 218L · 5.5 KB
└─ 📝 SKILL.md Markdown 36L · 2.3 KB

Dependencies 7 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| openai-whisper | * | pip (auto-installed) | No | Silent installation at runtime, not declared in docs |
| torch | * | pip (auto-installed) | No | Downloaded from pytorch.org |
| torchaudio | * | pip (auto-installed) | No | Downloaded from pytorch.org |
| audio-separator | * | pip (auto-installed) | No | Installed in env_manager.py but not required for core functionality |
| librosa | * | pip (auto-installed) | No | Installed but not imported anywhere in the codebase |
| pydub | * | pip (auto-installed) | No | Installed but not imported anywhere in the codebase |
| huggingface-hub | * | pip (auto-installed) | No | Installed but not imported anywhere in the codebase |

Security Positives

✓ No evidence of credential theft or credential harvesting
✓ No reverse shell or C2 communication patterns detected
✓ No base64-encoded or obfuscated payloads
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No malicious persistence mechanisms (cron, startup hooks, backdoors)
✓ Package installation uses reputable sources (pytorch.org, pypi.tuna.tsinghua.edu.cn)
✓ Whisper transcription logic is legitimate and matches stated purpose
✓ Virtual environment creation is a reasonable security practice for dependency isolation