← 返回 Skills 市场
269
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install voice-to-protocol-transcriber
功能描述
Record experimental procedures and observations via voice commands during lab work. Real-time transcription for structured experiment documentation.
安全使用建议
What to check before installing:
- Dependency mismatch: SKILL.md asks you to install speechrecognition, pyaudio, pydub, python-docx but requirements.txt does not include them. Expect to manually install the missing packages (use a virtualenv). Verify the skill runs after installing exactly what it needs.
- Network/privacy risk: The speechrecognition library typically uses online services by default (for example, Google Web Speech API). Confirm whether the code uses an offline recognizer or sends audio to external servers. If the code calls cloud recognizers, audio (potentially sensitive experimental data) may leave your machine. Ask the author or inspect the full main.py to see how Recognition is configured.
- Inspect the rest of main.py: only a truncated portion was provided. Review the remainder for any hard-coded endpoints, hidden subprocess/network calls, or unexpected file access before trusting this in regulated labs.
- Install safely: install inside a virtual environment on a non-production/test machine first. Run with microphone permissions in an isolated environment. Check that saved files go to a directory you control and do not inadvertently overwrite other files.
- Operational caution: don't run this against sensitive or PHI-containing experiments until you confirm where audio/text is processed (locally vs. remote) and audit third-party dependencies.
If you can provide the full main.py (untruncated) or confirm whether speech recognition is configured for an offline engine, I can raise or lower the confidence and give more specific advice.
功能分析
Type: OpenClaw Skill
Name: voice-to-protocol-transcriber
Version: 0.1.0
The skill contains a path traversal vulnerability in `scripts/main.py`, where the `experiment_name` input is used to construct file paths without sanitizing directory traversal sequences (e.g., `../`), potentially allowing files to be written outside the intended directory. Additionally, there is a significant discrepancy between `SKILL.md`, which claims to support real-time voice recognition and requires external libraries like `pyaudio`, and the actual implementation in `scripts/main.py`, which is a basic text-only logger using standard libraries. While no clear evidence of malicious intent was found, the combination of a file-writing vulnerability and misleading documentation warrants a suspicious classification.
能力评估
Purpose & Capability
Name/description, SKILL.md and the included Python code all align with a voice-driven experiment recorder that saves files to the user's Documents directory. However, SKILL.md lists external Python packages (speechrecognition, pyaudio, pydub, python-docx) while the included requirements.txt only contains 'dataclasses', 'enum', and 'wave' — a clear mismatch. Also the bundle contains code but no install spec, which is inconsistent with the advertised dependency installation steps.
Instruction Scope
SKILL.md says 'No external API calls' in the risk table, yet it recommends the 'speechrecognition' package and notes Chinese recognition needs a good network connection. The speechrecognition library commonly uses cloud/online recognizers (e.g., Google) unless explicitly configured for an offline engine; this can send audio to third-party servers. The instructions otherwise operate on local files and a local config path (~/.openclaw/...), which is expected for the stated purpose.
Install Mechanism
There is no install spec in the registry (instruction-only), yet the package includes executable Python code and a requirements.txt that does not reflect the SKILL.md 'pip install' list. This mismatch may lead to missing runtime dependencies or hidden manual install steps. No remote download URLs are present in files examined, which reduces high-risk install behavior, but the missing/incorrect dependency declarations are a practical risk.
Credentials
The skill requests no environment variables or credentials and only reads/writes local files (default save dir ~/Documents/Experiment-Protocols or ~/.openclaw config). That is proportionate for a local transcription tool. Users should note audio data and saved protocol files may contain sensitive lab data.
Persistence & Privilege
No elevated privileges requested, always=false, and the skill does not declare modifications to other skills or global agent settings. It writes its own config under ~/.openclaw and saves files to a user-owned Documents folder — expected for this functionality.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install voice-to-protocol-transcriber - 安装完成后,直接呼叫该 Skill 的名称或使用
/voice-to-protocol-transcriber触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: Voice-to-Protocol Transcriber enables real-time, voice-driven experiment documentation.
- Supports real-time transcription and structured documentation of lab steps and observations via voice commands.
- Provides multi-language support (Chinese and English).
- Automatically classifies and timestamps experiment steps, observations, and notes.
- Allows saving experiment records in Markdown and Word formats.
- Includes voice command control for hands-free operation.
元数据
常见问题
Voice To Protocol Transcriber 是什么?
Record experimental procedures and observations via voice commands during lab work. Real-time transcription for structured experiment documentation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 269 次。
如何安装 Voice To Protocol Transcriber?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install voice-to-protocol-transcriber」即可一键安装,无需额外配置。
Voice To Protocol Transcriber 是免费的吗?
是的,Voice To Protocol Transcriber 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Voice To Protocol Transcriber 支持哪些平台?
Voice To Protocol Transcriber 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Voice To Protocol Transcriber?
由 Lyla0921(@lyla0921)开发并维护,当前版本 v0.1.0。
推荐 Skills