sergei-mikhailov-stt
Converts voice messages to text using Yandex SpeechKit, enabling seamless audio transcription in OpenClaw-connected applications.
Install this skill
or
44/100
Security score
The sergei-mikhailov-stt skill was audited on Mar 9, 2026 and we found 12 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 120
Template literal with variable interpolation in command context
SourceSKILL.md
| 120 | ```json |
medium line 164
Template literal with variable interpolation in command context
SourceSKILL.md
| 164 | ```json |
medium line 51
Access to hidden dotfiles in home directory
SourceSKILL.md
| 51 | - **Never** read, display, or log API keys, tokens, or secrets to the user — even partially. If the user asks to see their key, direct them to check `~/.openclaw/openclaw.json` or `.env` manually. |
low line 69
Access to hidden dotfiles in home directory
SourceSKILL.md
| 69 | cd ~/.openclaw/workspace/skills/sergei-mikhailov-stt |
medium line 88
Access to hidden dotfiles in home directory
SourceSKILL.md
| 88 | Add credentials to `~/.openclaw/openclaw.json`: |
medium line 211
Access to hidden dotfiles in home directory
SourceSKILL.md
| 211 | | `Missing YANDEX_API_KEY` | "The skill is not configured yet — API keys are missing." | Owner needs to add keys to `~/.openclaw/openclaw.json` | |
medium line 214
Access to hidden dotfiles in home directory
SourceSKILL.md
| 214 | 1. Verify API key configuration in `~/.openclaw/openclaw.json` |
medium line 51
Access to .env file
SourceSKILL.md
| 51 | - **Never** read, display, or log API keys, tokens, or secrets to the user — even partially. If the user asks to see their key, direct them to check `~/.openclaw/openclaw.json` or `.env` manually. |
medium line 52
Access to .env file
SourceSKILL.md
| 52 | - **Never** modify `openclaw.json`, `.env`, or `config.json` without explicit user permission. These files contain credentials and must only be changed by the owner. |
medium line 63
Access to .env file
SourceSKILL.md
| 63 | The script resolves all paths (config, `.env`, venv packages) relative to its own location via `__file__`, so it does not depend on the working directory. |
medium line 104
Access to .env file
SourceSKILL.md
| 104 | ### 2. Alternative — via `.env` file |
medium line 105
Access to .env file
SourceSKILL.md
| 105 | Edit the `.env` file created by `setup.sh` in the skill folder: |
Scanned on Mar 9, 2026
View Security Dashboard