Voice Transcribe
ReviewAudited by ClawScan on May 10, 2026.
Overview
The transcription purpose is reasonable, but the skill tells the agent to run a local script that is not included in the reviewed package while also using audio files and an OpenAI API key.
Do not treat the clean static scan as meaningful here because there was no executable code to scan. Before installing, ask for the missing transcribe script and dependency details, verify what data it sends to OpenAI, and confirm where transcripts or cache files are stored.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this skill could cause the agent to run an unreviewed local script if that path exists, or fail unpredictably if it does not.
This is the main workflow command, but the provided manifest contains only SKILL.md, replacements.txt, and vocab.txt, with no transcribe executable or install spec. The code the agent would run is therefore outside the reviewed artifacts and tied to a hard-coded local path.
uv run /Users/darin/clawd/skills/voice-transcribe/transcribe <audio-file>
Only install after the transcribe executable and its dependencies are included or otherwise reviewed, and replace the hard-coded personal path with a scoped, packaged command.
The skill can use the user's OpenAI account and may incur API costs when transcribing audio.
The skill asks the user to place an OpenAI API key in a local .env file. That is expected for OpenAI transcription, but the registry metadata declares no required environment variables or primary credential.
OPENAI_API_KEY=sk-...
Use a dedicated, least-privilege API key if possible, monitor usage, and ensure the .env file is not shared or committed.
Voice memos or other audio may be processed by an external provider.
The skill's purpose implies sending audio content to OpenAI for transcription. This is disclosed and purpose-aligned, but audio files can contain sensitive personal information.
Transcribe audio files using OpenAI's gpt-4o-mini-transcribe model
Only use it on audio you are comfortable sending to OpenAI, and check the provider's data-use and retention settings for your account.
Bad replacements could silently change future transcripts, and cached transcription data may persist locally.
The skill uses persistent vocabulary/replacement files and a cache. These are relevant to the transcription purpose, but they can affect future outputs and the cache retention/contents are not described.
add a replacement to `replacements.txt` ... `wrong spelling -> correct spelling` ... `caches by sha256 of audio file`
Review vocab.txt and replacements.txt periodically, and document where cache data is stored and how to clear it.