usewhisper-autohook
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill appears to implement the advertised memory/proxy integration, but it automatically stores and reuses conversation content through an external service with weak session-boundary safeguards.
Install only if you are comfortable sending the agent’s conversations to Whisper Context for long-term memory. Configure explicit user/session headers, use scoped keys, avoid sensitive chats unless you have redaction and retention controls, and review the local proxy script before routing provider traffic through it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may send and reuse conversation content even when a particular message should not be stored or augmented with memory.
The skill instructs the agent to force memory retrieval and ingestion on every turn, which changes the agent’s normal control flow and removes per-turn discretion.
Before you think or respond to any message: ... Call get_whisper_context ... After you generate your final response: ... Call ingest_whisper_turn ... Always do this. Never skip.
Add explicit skip conditions, user opt-in/opt-out, and sensitive-content handling instead of an unconditional 'always' instruction.
Misconfigured or over-privileged keys could expose memory projects or incur provider usage costs.
The skill requires credentials for the Whisper service and optionally for upstream model providers; this is expected, but those keys grant account access and usage authority.
WHISPER_CONTEXT_API_KEY=YOUR_KEY ... export OPENAI_API_KEY="YOUR_UPSTREAM_KEY" ... export ANTHROPIC_API_KEY="YOUR_ANTHROPIC_KEY"
Use scoped API keys where possible, store them securely, and rotate them if the skill or host environment is no longer trusted.
Users relying only on registry metadata may miss that the skill runs local code and requires external service credentials.
The registry metadata lacks provenance and says no env vars are required, while the included artifacts show a Node script that needs API credentials.
Source: unknown; Homepage: none ... Required env vars: none ... Code file presence: usewhisper-autohook.mjs
Review the included script before use and prefer registry metadata that accurately declares runtime, network, and credential requirements.
Sensitive conversation content may be stored and later injected back into prompts, and the artifacts do not show retention, deletion, redaction, or review controls.
The script sends full user and assistant turns to the Whisper memory API for ingestion, creating persistent external memory from conversations.
messages: [ { role: "user", content: userMsg ... }, { role: "assistant", content: assistantMsg ... } ]; ... post(apiUrl, "/v1/memory/ingest/session", body)
Use this only for conversations suitable for external long-term memory; add redaction, retention/deletion controls, and a clear way to skip ingestion.
Different users or chats could accidentally share memory context, causing private information or poisoned context to cross session boundaries.
In proxy mode, if headers and inference are missing, the proxy falls back to shared 'anon'/'default' identifiers instead of failing closed.
const user_id = headerUserId || inferred.user_id || String(bodyRaw?.user || "anon"); const session_id = headerSessionId || inferred.session_id || "default";
Require explicit per-user and per-session IDs for proxy requests, fail closed when they are missing, and document safe proxy deployment boundaries.
