Back to skill
Skillv1.4.1
ClawScan security
Podcast Transcribe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 18, 2026, 3:31 AM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (transcribing podcasts) matches its instructions, but there are inconsistencies and operational risks — notably reliance on fetching and running third‑party tooling via npx/pnpm, references to many provider API keys that are not declared, and minor provenance mismatches — so proceed only after verifying the external package and credential needs.
- Guidance
- This skill appears to do what it says (transcribe podcasts) but relies heavily on a third‑party CLI (podcast-helper) that will be fetched and executed at runtime via npx/pnpm. Before installing or running: 1) verify the source package (check the npm package name and GitHub repo, confirm the maintainer), 2) prefer running npx in an isolated environment or inspect the package contents first, 3) do not provide API keys until you confirm which provider will be used and that you trust that provider’s code, 4) note the setup docs reference 'dairui1/podcast-helper' whereas the registry owner differs — confirm provenance, and 5) if you need stronger assurance, request a packaged skill with an explicit install spec or a vetted release (GitHub releases) rather than relying on npx remote execution.
Review Dimensions
- Purpose & Capability
- noteThe name/description (podcast transcription + cleanup) aligns with the SKILL.md and reference docs. However, the workflow depends on an external CLI (podcast-helper) and hosted transcription providers; the registry metadata declares no required env vars while references/inputs-and-engines.md documents many provider API keys (OPENAI_API_KEY, ELEVENLABS_API_KEY, etc.). Also references/setup.md mentions 'dairui1/podcast-helper' while the registry owner ID differs — a provenance mismatch worth verifying.
- Instruction Scope
- noteInstructions are explicit and scoped to using the podcast-helper CLI, downloading audio, and optionally fetching episode pages (curl https://r.jina.ai/...). They do not instruct reading unrelated system files. However, they instruct the agent to run npx/pnpm which will fetch and execute remote code at runtime and to call external endpoints (audio URLs, r.jina.ai), which expands the attack surface and can lead to executing third‑party code or transmitting data externally.
- Install Mechanism
- noteThere is no install spec (instruction-only), which reduces persistent changes on disk. But the recommended usage relies on npx / pnpm dlx / npm-installed podcast-helper — these commands fetch packages from npm and run them transiently. That is standard for CLI tools but is a higher-risk runtime action than pure local operations because it executes third‑party code fetched at runtime.
- Credentials
- concernThe skill metadata declares no required env vars, yet references/inputs-and-engines.md lists many provider API keys (OPENAI_API_KEY, ELEVENLABS_API_KEY, ASSEMBLYAI_API_KEY, etc.) as potential dependencies for hosted transcription. Requiring multiple unrelated secrets would be disproportionate; the skill should have declared expected env vars up front. Users may need to provide API keys to get hosted backends to work — confirm which providers the instance will actually call before supplying secrets.
- Persistence & Privilege
- okThe skill is not 'always: true' and does not request modification of other skills or global agent configs. It is user-invocable and allows autonomous invocation (platform default), which is expected for skills; nothing indicates it seeks elevated persistent privileges.