中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 10/100
Last scan:1 day ago Rescan
10 /100
meeting-to-text
Create a fully local speaker-separated .txt transcript from a meeting recording, meeting screen recording, speech audio, or local video/audio file
A legitimate local transcription tool that converts audio/video files to speaker-separated text transcripts using FFmpeg and local ASR models. All functionality is properly declared and verified.
Skill Namemeeting-to-text
Duration39.0s
Enginepi
Safe to install
This skill is safe to use. The subprocess execution of FFmpeg and ModelScope downloads are legitimate and necessary for media processing. No credential access or data exfiltration observed.

Findings 2 items

Severity Finding Location
Low
Undeclared network access for model caching Doc Mismatch
The script downloads speaker models from ModelScope via snapshot_download at line 180. This is not explicitly declared in SKILL.md but is a legitimate function for model caching.
from modelscope.hub.snapshot_download import snapshot_download
→ Consider adding 'ModelScope downloads' to the declared capabilities section for transparency, though this is standard practice for ML model management.
 scripts/meeting_to_text.py:180
Low
Shell execution not explicitly declared in SKILL.md Doc Mismatch
SKILL.md does not explicitly mention that FFmpeg is executed via subprocess. However, the runtime_paths.md references FFmpeg explicitly, and this is necessary functionality.
subprocess.run(command, capture_output=True, text=True, encoding='utf-8', errors='replace')
→ SKILL.md already documents FFmpeg usage indirectly through runtime references. Consider adding explicit mention of FFmpeg subprocess execution for clarity.
 scripts/meeting_to_text.py:131
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned SKILL.md:22 - one local source file path
Filesystem WRITE WRITE ✓ Aligned SKILL.md:23 - one output target path; scripts/meeting_to_text.py:line 100 writes…
Shell WRITE WRITE ✓ Aligned SKILL.md:31 - subprocess to FFmpeg for media processing; scripts/meeting_to_text…
Network NONE READ ✓ Aligned scripts/meeting_to_text.py:line 180 - snapshot_download from ModelScope (model c…
Environment NONE READ ✓ Aligned scripts/meeting_to_text.py:line 41 - os.getenv for path configuration, not crede…

File Tree

5 files · 35.0 KB · 978 lines
Python 1f · 748L Markdown 3f · 188L JSON 1f · 42L
├─ 📁 evals
│ └─ 📋 evals.json JSON 42L · 2.2 KB
├─ 📁 references
│ ├─ 📝 runtime_paths.md Markdown 41L · 1.6 KB
│ └─ 📝 troubleshooting.md Markdown 57L · 1.2 KB
├─ 📁 scripts
│ └─ 🐍 meeting_to_text.py Python 748L · 26.3 KB
└─ 📝 SKILL.md Markdown 90L · 3.7 KB

Dependencies 7 items

PackageVersionSourceKnown VulnsNotes
funasr * pip No ASR framework, version not pinned but standard dependency
torch * pip No PyTorch, version not pinned
torchaudio * pip No Audio processing, version not pinned
numpy * pip No Numerical computing, standard dependency
scipy * pip No Scientific computing, standard dependency
sklearn * pip No Scikit-learn for clustering, standard dependency
modelscope * pip No ModelScope SDK for speaker model downloads, version not pinned

Security Positives

✓ No credential harvesting or sensitive environment variable access
✓ No base64 encoding or code obfuscation detected
✓ No C2 communication or data exfiltration
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)
✓ All dependencies are legitimate ML/audio processing libraries
✓ Code structure is clean with proper error handling
✓ Temporary files are properly cleaned up with shutil.rmtree
✓ No reverse shell or remote execution payloads
✓ User inputs are properly validated with file existence and extension checks