Telegram Voice Transcribe

This skill is generally coherent for transcribing Telegram voice notes, but check these before installing or enabling it: - Metadata mismatch: the registry metadata claims no required env vars but SKILL.md and the script require OPENAI_API_KEY (for API mode) and TELEGRAM_BOT_TOKEN (for --file-id). Confirm which mode you will use and only provision the minimum credentials. - Privacy vs API: local (--local) mode keeps audio on your server; API mode sends audio to OpenAI. If privacy is required, use --local and ensure you have the required local models and resources (disk, RAM, possibly GPU). - Resource & dependencies: installing openai-whisper / torch and downloading models (small/medium) can use hundreds of MBs to GBs and CPU/GPU time. Plan for that on your host. - Claimed auto-download: CLAWHUB.md states an auto-download of static ffmpeg; the script only tries to import static_ffmpeg. Verify whether your environment will actually provide ffmpeg or static_ffmpeg — do not assume the skill will fetch executables from external servers. - Network flows: in file-id and API modes the skill calls Telegram API and (optionally) OpenAI API; if you have egress controls, permit only those hosts. The URL mode will fetch arbitrary URLs you pass — avoid untrusted URLs to reduce risk. - Inspect hooks: if you install the suggested pre-processing hook into OpenClaw, review the hook code to confirm it runs with appropriate timeouts and environment and does not expose extra secrets. If these points are acceptable and you only grant the minimal env vars needed for your chosen mode, the skill is consistent with its stated purpose.