Douyin Transcriber
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent local transcription skill, but users should notice it relies on running an unpinned third-party Docker container that stays running until stopped.
This skill appears benign for local media transcription. Before using it, make sure you trust the Docker image, consider pinning a specific image version, process only media you intend to transcribe, and stop the Docker container when you are done.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the upstream image changes or is compromised, the container could run different code than the user expected.
The skill directs users to run a third-party Docker image using the mutable latest tag, so the actual code executed is not pinned in the artifacts.
docker run -d -p PORT:PORT ... --name whisper-asr onerahmet/openai-whisper-asr-webservice:latest
Use a trusted image source, pin a specific version or digest, and review the Docker image before running it.
The local ASR service may remain active and listening on the configured port until the user stops it.
The documented Docker command starts the ASR service in detached mode, meaning it can continue running after the immediate transcription workflow finishes.
docker run -d -p PORT:PORT ... --name whisper-asr
Stop or remove the container when finished, and bind the port to localhost only if remote access is not needed.