Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Voice Transcriber Pro
v1.0.0Voice note transcription and archival for OpenClaw agents. Powered by Deepgram Nova-3. Transcribes audio messages, saves both audio files and text transcript...
⭐ 0· 650·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The metadata and description advertise Deepgram Nova-3 and list DEEPGRAM_API_KEY and jq as required, but the actual scripts use OpenAI's audio transcription endpoint and openrouter.ai. The code does not use DEEPGRAM_API_KEY and does not call jq; conversely it relies on Python3 and environment variables (OPENAI_API_KEY, OPENROUTER_API_KEY) that are not declared. This mismatch is disproportionate and inconsistent with the stated purpose/provider.
Instruction Scope
SKILL.md instructs running bundled scripts which post audio files to external APIs (api.openai.com and openrouter.ai). transcribe.sh will read OPENROUTER_API_KEY from ~/.openclaw/workspace/.env if not in env — a user-local env file that may contain other secrets. save_voice_note.py writes audio and Markdown journal files under ~/.openclaw/workspace/memory, which is plausible for a journaling skill, but reading ~/.openclaw/workspace/.env and sending audio to third-party endpoints are not documented in SKILL.md and expand scope beyond the advertised Deepgram integration.
Install Mechanism
No remote install or download spec is present (instruction-only with bundled scripts). That lowers risk from arbitrary code fetches. The included scripts will be present on disk as part of the skill bundle, but no external installers or network-based install steps are invoked by the skill itself.
Credentials
The registry declares DEEPGRAM_API_KEY as the primary credential but the scripts use OPENAI_API_KEY and OPENROUTER_API_KEY (and also attempt to read ~/.openclaw/workspace/.env). Asking for a Deepgram key while not using it is misleading. Requiring or accessing other API keys and a workspace .env file is disproportionate and increases the chance of unintentionally exposing unrelated secrets.
Persistence & Privilege
The skill does not request always:true and writes only to ~/.openclaw/workspace/memory which is expected for agent memory. However, it also reads ~/.openclaw/workspace/.env (potentially containing other credentials) — this cross-file access is not declared and elevates the skill's effective privilege to access local secret material beyond its stated scope.
What to consider before installing
This skill is functionally a transcriber, but the metadata, docs, and code don't line up. Before installing: (1) Do not provide DEEPGRAM_API_KEY expecting it to be used — the scripts currently call OpenAI/openrouter endpoints instead. (2) Inspect ~/.openclaw/workspace/.env for secrets; the transcribe.sh will read that file for OPENROUTER_API_KEY if present, which could expose other keys. (3) If you want Deepgram, either modify the scripts to actually use Deepgram or prefer a skill that declares and uses the correct provider. (4) Be aware that audio files will be uploaded to external services (api.openai.com and openrouter.ai) — only do this if you are comfortable sending sensitive audio to those providers. (5) If you lack the ability to audit/modify the code, run this only in a controlled/sandboxed environment and avoid placing other credentials in ~/.openclaw/workspace/.env. Given the mismatches and undeclared env usage, treat this skill with caution or seek a corrected/reviewed release.Like a lobster shell, security has layers — review code before you run it.
latestvk976th9gxnb17fc6d947x5vd8d816feptranscriptionvk976th9gxnb17fc6d947x5vd8d816fepvoicevk976th9gxnb17fc6d947x5vd8d816fep
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎙️ Clawdis
Binscurl, jq
EnvDEEPGRAM_API_KEY
Primary envDEEPGRAM_API_KEY