Skills
skills/cinience/alicloud-skills/aliyun-qwen-asr/Gen Agent Trust Hub

aliyun-qwen-asr

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The helper script scripts/transcribe_audio.py reads authentication tokens from the standard Alibaba Cloud credentials file (~/.alibabacloud/credentials) and local .env files. This is consistent with the intended use case for a cloud-service provider skill.
  • [DATA_EXFILTRATION]: The skill transmits audio content (either as URLs or base64-encoded data) to Alibaba Cloud's DashScope endpoints (dashscope.aliyuncs.com). This transmission is the core function of the ASR service.
  • [EXTERNAL_DOWNLOADS]: When performing asynchronous transcription, the script fetches the final result JSON from a URL provided by the official Alibaba Cloud response.
  • [COMMAND_EXECUTION]: The skill includes shell commands in SKILL.md for environment setup and script validation, which are benign operational tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 06:49 AM