qwen-asr
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The service is configured to download machine learning models from hf-mirror.com (a HuggingFace mirror) upon first launch. Additionally, it fetches audio content from user-specified URLs via the /transcribe_url endpoint in service/main.py.
- [COMMAND_EXECUTION]: In scripts/asr.py, the subprocess.Popen function is used to run the service/start.sh script locally. The SKILL.md documentation also provides a command block to create a persistence agent on macOS using launchd to ensure the service runs at startup.
- [DATA_EXFILTRATION]: The transcription service implements an endpoint that downloads content from any provided URL using httpx. This creates a Server-Side Request Forgery (SSRF) vulnerability surface, potentially allowing an attacker to probe or access restricted internal network endpoints or metadata services.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
Audit Metadata