Local Whisper
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: local-whisper Version: 1.0.0 The skill bundle provides local speech-to-text functionality using OpenAI Whisper. The `SKILL.md` clearly outlines its purpose, usage, and setup, including legitimate dependencies like `ffmpeg` and Python libraries `openai-whisper` and `torch` from trusted sources (download.pytorch.org). The `scripts/transcribe.py` script correctly implements the transcription logic without any signs of data exfiltration, malicious execution, persistence, or prompt injection against the agent. The only network activity is the expected initial download of Whisper models by the `openai-whisper` library, which is consistent with the 'offline after model download' description.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may pull Python packages from external repositories before the tool can run locally.
The setup instructions ask the user to install unpinned external Python dependencies. This is purpose-aligned for local Whisper, but it creates a normal supply-chain review point.
uv pip install --python .venv/bin/python click openai-whisper torch --index-url https://download.pytorch.org/whl/cpu
Install only if you trust the package source; preferably use pinned versions or a lockfile, and verify the intended command wrapper is present before use.