ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ANY WHISPER API

Transcribe audio via API Whisper with any compatible local servers.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 356 · 0 current installs · 0 all-time installs
byNeow15ard@nw15d
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (curl), and required env vars (WHISPER_API_KEY, WHISPER_API_HOST) align with the stated purpose of sending audio to a Whisper-compatible API for transcription.
Instruction Scope
SKILL.md and scripts/transcribe.sh are narrowly scoped: they read a local audio file, require the API key/host, POST the file to /v1/audio/transcriptions, and write the transcript to disk. Note: the script will send the audio to whatever WHISPER_API_HOST is set to (defaulting to api.openai.com), so the host must be trusted.
Install Mechanism
No install spec (instruction-only plus a small shell script). Nothing is downloaded or written during install — lowest-risk install pattern.
Credentials
Requested environment variables are appropriate for this task. Minor quibble: requiring WHISPER_API_KEY for a local, unauthenticated Whisper server is unnecessary but not dangerous. Ensure the provided WHISPER_API_HOST and WHISPER_API_KEY are correct and trusted because sensitive audio will be transmitted to that endpoint.
Persistence & Privilege
always:false and no special persistence or cross-skill config modifications. The skill does not request elevated or persistent platform privileges.
Assessment
This script will upload whatever audio file you give it to the host in WHISPER_API_HOST using the token in WHISPER_API_KEY. Before using: (1) verify WHISPER_API_HOST is a trusted endpoint (a local whisper server or the official API) — a malicious host could capture your audio; (2) keep WHISPER_API_KEY secret; (3) note the transcript is written to disk at the output path (default: <input>.txt) so handle that file appropriately; (4) the SKILL.md config example references "openai-whisper-api" (likely copy/paste) — that’s a naming inconsistency but not a functional issue. If you plan to point to an unauthenticated local server, you can still set WHISPER_API_HOST but the script currently requires an API key even if the server doesn’t need one.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.3.0
Download zip
latestvk97a40bjaqa1eef7xr28ngbk2h81x3tq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
Binscurl
EnvWHISPER_API_KEY, WHISPER_API_HOST

SKILL.md

OpenAI Whisper API (curl)

Transcribe an audio file via OpenAI’s /v1/audio/transcriptions endpoint.

Quick start

{baseDir}/scripts/transcribe.sh /path/to/audio.m4a

Defaults:

  • Model: whisper-1
  • Output: <input>.txt

Whisper.cpp example

/ai/whisper.cpp/build/bin/whisper-server -m /ai/models/whisper/ggml-large-v3-turbo-q8_0.bin --host 192.168.0.55 --port 5005 -sow --vad --vad-model /ai/models/whisper/ggml-silero-v6.2.0.bin --inference-path /v1/audio/transcriptions

Useful flags

{baseDir}/scripts/transcribe.sh /path/to/audio.ogg --model whisper-1 --out /tmp/transcript.txt
{baseDir}/scripts/transcribe.sh /path/to/audio.m4a --language en
{baseDir}/scripts/transcribe.sh /path/to/audio.m4a --prompt "Speaker names: Peter, Daniel"
{baseDir}/scripts/transcribe.sh /path/to/audio.m4a --json --out /tmp/transcript.json

API key

Set WHISPER_API_KEY and WHISPER_API_HOST, or configure it in ~/.clawdbot/clawdbot.json:

{
  skills: {
    "openai-whisper-api": {
      apiKey: "WHISPER_API_KEY_HERE",
      apiHost: "WHISPER_API_HOST_HERE"
    }
  }
}

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…