Pure Aliyun ASR skill for voice message transcription, supports multiple channels including Feishu
Security Analysis
Confidence: medium. The skill appears to implement Aliyun ASR functionality, but there are inconsistencies between its description/instructions and the actual code (notably a required local config file path, an undeclared ffmpeg dependency, and misleading claims about "no extra configuration"), so proceed with caution.
Name/description match the code: the Python code calls Aliyun NLS endpoints to convert audio to text. However, the metadata claims no required config paths or credentials, while the implementation requires a settings file at /root/.openclaw/aliyun-asr-config.json containing AccessKeyId/Secret and app_key. The use of ffmpeg for format conversion is present in the code but not declared among the required binaries. Both gaps contradict the published metadata/README.
SKILL.md asserts "automatic integration, no additional configuration" and "no data storage," yet runtime instructions and code require creating a config file with credentials under /root/.openclaw and advise chmod 600. The code will read that file and exit if missing. The handler also invokes ffmpeg via subprocess to convert OGG→WAV, and posts raw audio bytes to Aliyun endpoints. The README's automatic/zero-config claim is therefore misleading and grants the skill implicit access to a sensitive on-disk config path.
No install spec (instruction-only installer) — lower risk because nothing is auto-downloaded. The package includes Python code and declares dependency on the requests Python package in the README. However, ffmpeg is invoked at runtime but not listed as a required binary. There is also an empty index.js/package.json present (benign but unnecessary).
The skill does not request environment variables but requires permanent credentials stored in a local JSON config file (access_key_id and access_key_secret). Those credentials are appropriate for calling Aliyun ASR, but storing them in /root/.openclaw implies the skill expects root-level file access. The number/type of secrets (Aliyun keys) is proportionate to the stated purpose, but the mismatch between declared/actual config requirements and use of a root path is concerning.
Skill does not request always:true and does not modify other skills or system-wide settings. It runs as an on-demand handler and prints or returns recognized text. No indications of privileged persistence beyond reading the expected config file.
Guidance
This skill's code implements Aliyun ASR and calls official Aliyun endpoints, but there are important inconsistencies you should consider before installing:
- The README's "no extra configuration" claim is false: you must create /root/.openclaw/aliyun-asr-config.json containing your Aliyun access_key_id/access_key_secret and app_key. The registry metadata did not declare this config path. Confirm you are comfortable storing credentials on disk at that location and that the agent process has permission to read it.
- The code invokes ffmpeg for OGG→WAV conversion, but ffmpeg is not listed as a required binary. Ensure ffmpeg is available and that spawning subprocesses is acceptable in your environment.
- The skill posts raw audio bytes to Aliyun NLS endpoints (expected for ASR). There are no hidden external endpoints in the code, which is good, but review the code yourself if you don't fully trust the author.
- Prefer creating a least-privilege RAM subuser as recommended, and set strict file permissions (chmod 600) on the config file. Consider running the agent under a non-root account and placing the config in a non-root path, or update the code to allow a configurable config path.

If you need this functionality and are comfortable with the above, the implementation is plausible. If you cannot or will not store cloud credentials on disk under /root, or cannot allow subprocess calls, do not install. If uncertain, ask the author to (1) declare the config path in metadata, (2) allow a config path override via an environment variable, and (3) declare ffmpeg as a required binary.
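As an added example (not the skill's own code, nor the author's), here is how the last two recommendations above could be implemented in the skill's language: a preflight check that reads the config path from an environment variable instead of assuming /root is readable, refuses a credential file whose mode grants group or other access (the chmod 600 advice, enforced rather than suggested), verifies the three required keys, and confirms ffmpeg is on PATH before any audio is processed or sent to Aliyun. The environment variable name ALIYUN_ASR_CONFIG, the function names, and the placeholder credentials are assumptions for illustration; only the default path and the key names come from the analysis above.

```python
"""Preflight checks for an Aliyun ASR skill config (added example, not the skill's code)."""
import json
import os
import shutil
import stat
import tempfile
from pathlib import Path

# The analysis above reports that the skill hard-codes this path.
DEFAULT_CONFIG_PATH = "/root/.openclaw/aliyun-asr-config.json"
# ASSUMED name for the override the guidance recommends; not part of the skill.
CONFIG_PATH_ENV = "ALIYUN_ASR_CONFIG"
REQUIRED_KEYS = ("access_key_id", "access_key_secret", "app_key")
# Any group or other permission bit on a secret file is a failure.
FORBIDDEN_BITS = stat.S_IRWXG | stat.S_IRWXO


def resolve_config_path(env=None):
    """Honour the env-var override, falling back to the hard-coded default."""
    env = os.environ if env is None else env
    return Path(env.get(CONFIG_PATH_ENV, DEFAULT_CONFIG_PATH)).expanduser()


def check_config_permissions(path):
    """Return a problem string if another local user could read the file, else None."""
    mode = path.stat().st_mode
    if mode & FORBIDDEN_BITS:
        return f"{path}: mode {stat.S_IMODE(mode):04o} is too permissive; expected 0600"
    return None


def load_config(path):
    """Return the credential dict, or raise ValueError with a specific reason."""
    if not path.is_file():
        raise ValueError(f"{path}: config file not found")
    problem = check_config_permissions(path)
    if problem:
        raise ValueError(problem)
    # json.JSONDecodeError is a ValueError subclass, so malformed JSON is reported too.
    data = json.loads(path.read_text(encoding="utf-8"))
    missing = [key for key in REQUIRED_KEYS if not data.get(key)]
    if missing:
        raise ValueError(f"{path}: missing keys {', '.join(missing)}")
    return data


def preflight(env=None, which=shutil.which):
    """Collect every blocker up front; an empty list means it is safe to proceed."""
    problems = []
    try:
        load_config(resolve_config_path(env))
    except (ValueError, OSError) as exc:
        problems.append(str(exc))
    # ffmpeg is spawned for OGG->WAV conversion but undeclared; check it explicitly.
    if which("ffmpeg") is None:
        problems.append("ffmpeg not found on PATH (needed for OGG->WAV conversion)")
    return problems


def write_temp_config(data, mode):
    """Helper for the demo: write `data` as JSON to a temp file with the given mode."""
    fd, name = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        json.dump(data, handle)
    os.chmod(name, mode)
    return Path(name)


if __name__ == "__main__":
    # Constructed placeholder credentials, not real Aliyun keys.
    sample = {"access_key_id": "LTAI-example", "access_key_secret": "secret-example",
              "app_key": "app-example"}
    good = write_temp_config(sample, 0o600)
    loose = write_temp_config(sample, 0o644)
    print("strict file:", preflight({CONFIG_PATH_ENV: str(good)}))
    print("world-readable file:", preflight({CONFIG_PATH_ENV: str(loose)}))
```

Running the preflight before the handler touches audio turns each of the undeclared assumptions (root-owned path, loose permissions, missing ffmpeg) into an explicit, actionable error instead of a runtime failure or a silently readable secret.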
Latest Release
v1.0.10
Security fix: removed potentially sensitive files, added index.js, cleaned the cache directory, and ensured there is no risk of key leakage.
Published by @jixsonwang on ClawHub