speech-recognition Security Report — Low Risk | ClawSafe

20 /100

speech-recognition

通用语音识别 Skill。支持多种音频格式（ogg/mp3/wav/m4a），使用硅基流动 SenseVoice API 进行语音转文字。

Pure documentation skill with no executable code; legitimate SiliconFlow API integration for speech recognition with minor documentation inconsistencies.

Skill Namespeech-recognition

Duration34.5s

Enginepi

✓

Safe to install

No action required. Consider fixing the typo in README.md line 57 (api.sylliconflow.cn → api.siliconflow.cn).

Findings 2 items

Severity	Finding	Location
Low	Typo in API endpoint URL Doc Mismatch README.md line 57 contains typo 'api.sylliconflow.cn' instead of 'api.siliconflow.cn'. This is a documentation error rather than malicious behavior. `https://api.sylliconflow.cn/v1/audio/transcriptions` → Fix typo to 'api.siliconflow.cn' for correct API endpoint.	`README.md:57`
Low	Author metadata inconsistency Doc Mismatch package.json lists '思捷娅科技 (SJYKJ)' as author while skill.json lists 'Kuro'. Minor inconsistency suggesting possible template reuse. `Author fields differ between metadata files` → Unify author information across all metadata files.	`package.json, skill.json:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations in this documentation-only skill
Network	`READ`	`READ`	✓ Aligned	Describes API calls to api.siliconflow.cn - legitimate documented behavior
Shell	`NONE`	`NONE`	—	FFmpeg usage is documented as bash examples only
Environment	`NONE`	`READ`	✓ Aligned	SKILL.md line 62 references SILICONFLOW_API_KEY env var - documented expected us…
Database	`NONE`	`NONE`	—	No database access

6 findings

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

README.md:3

🔗

Medium External URL 外部 URL

https://opensource.org/licenses/MIT

README.md:3

🔗

Medium External URL 外部 URL

https://api.sylliconflow.cn/v1/audio/transcriptions

README.md:57

🔗

Medium External URL 外部 URL

https://api.siliconflow.cn/v1/audio/transcriptions

README.md:156

🔗

Medium External URL 外部 URL

https://docs.siliconflow.cn/

README.md:259

🔗

Medium External URL 外部 URL

https://clawhub.com

README.md:271

File Tree

5 files · 11.2 KB · 514 lines

Markdown 2f · 472L JSON 3f · 42L

├─ 📋 _meta.json JSON 5L · 137 B

├─ 📋 package.json JSON 28L · 727 B

├─ 📝 README.md Markdown 278L · 5.7 KB

├─ 📋 skill.json JSON 9L · 458 B

└─ 📝 SKILL.md Markdown 194L · 4.2 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`none`	`N/A`	N/A	No	No dependencies defined in package.json

Security Positives

✓ No executable code files present - purely documentation

✓ No credential harvesting or exfiltration behavior

✓ No obfuscation or encoded payloads

✓ No suspicious network IOCs beyond expected SiliconFlow API calls

✓ No supply chain risks - no dependencies defined

✓ MIT license clearly declared

✓ Legitimate Chinese AI API provider (SiliconFlow) used

Scan Report

Findings 2 items

File Tree

Dependencies 1 items

Security Positives