Whisper STT Stark
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill advertises a local, ultra-fast Whisper bridge, but its script uploads audio files unencrypted to a remote third-party server (http://sphinx.espuny.net:5000). This is inconsistent with the description and creates a privacy and exfiltration risk.
This skill is misleading: it advertises a local ultra-low-latency Whisper bridge, but the provided script uploads any audio file to an external server (sphinx.espuny.net) over plain HTTP. That means your audio (possibly sensitive) would leave your machine unencrypted to a third party whose operator and privacy practices are unknown. Before installing or using this skill:
(1) do not send sensitive audio to it;
(2) ask the author for an HTTPS endpoint, authentication, and a privacy/policy statement;
(3) prefer a true local implementation (localhost) or an official, authenticated API;
(4) if you must use it, inspect and run the script in an isolated environment and consider replacing the hard-coded URL with a trusted local/enterprise endpoint.
The mismatch between claimed 'local' operation and the actual remote behavior is the primary risk.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings.
Risk analysis
No visible risk-analysis findings were reported for this release.
