ClawHub
Back to skill
v1.0.0

openclaw-whisper-asr

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:31 AM.

Analysis

This looks like a normal local Whisper speech-to-text setup, with the main caveat that installation involves manual shell commands and unpinned downloads/builds from GitHub.

GuidanceThis skill appears suitable if you want local offline speech-to-text. Before installing, be aware that you are asked to install ffmpeg, clone and build whisper.cpp, and download a model; use a trusted machine and consider pinning the upstream repository version.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
git clone https://github.com/ggml-org/whisper.cpp.git ... sh ./models/download-ggml-model.sh base

The setup relies on cloning an unpinned external repository and running its model download script. This is expected for a Whisper setup, but users should trust or pin the upstream source.

User impactInstalling the skill as documented may download and build third-party code and model files on the local machine.
RecommendationUse the official repository, review the upstream project if needed, and consider pinning a known commit or release before building.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
SKILL.md
sudo apt-get install -y ffmpeg ... cmake --build build -j --config Release

The documented setup includes privileged package installation and local compilation. These commands are central to the stated local ASR purpose and are presented as user-directed setup steps.

User impactFollowing the setup changes the local environment by installing ffmpeg and compiling whisper.cpp.
RecommendationRun the setup only on a machine where you are comfortable installing packages and building local binaries.