Zhipu Asr
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says: it transcribes user-selected audio through Zhipu AI, with expected notes about sending audio and an API key to an external provider.
Before installing, make sure you are comfortable sending the selected audio and any context prompts to Zhipu AI, and protect your ZHIPU_API_KEY. The artifacts do not show hidden persistence, unrelated file access, or credential misuse.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Audio recordings, context prompts, and hotwords may contain private speech or business information and will leave the local machine for provider processing.
The script sends the chosen local audio file to Zhipu's external transcription API; optional prompt and hotword parameters can also be included.
API_ENDPOINT="https://open.bigmodel.cn/api/paas/v4/audio/transcriptions" ... CURL_ARGS+=(-F "file=@$AUDIO_FILE")
Use this only with audio and context you are comfortable sending to Zhipu AI, and review the provider's privacy and retention terms for sensitive recordings.
Requests may be billed to or authorized under the user's Zhipu account, and exposure of the environment variable would expose that provider credential.
The skill requires a Zhipu API key and uses it as a bearer token for the transcription request, which is expected for this service.
if [ -z "$ZHIPU_API_KEY" ]; then ... CURL_ARGS+=(-H "Authorization: Bearer $ZHIPU_API_KEY")
Store the API key securely, avoid sharing logs or shells that reveal it, and rotate or restrict the key if the provider supports it.
Using the skill will execute local media-processing and network-upload commands for the selected file.
The helper script runs local ffmpeg conversion and curl upload commands on the user-selected audio file; this is central to the transcription workflow and the arguments are quoted.
ffmpeg -i "$AUDIO_FILE" ... "$TEMP_AUDIO" ... RESPONSE=$(curl -s -X POST "$API_ENDPOINT" "${CURL_ARGS[@]}")Install dependencies from trusted sources and run the skill only on files you intentionally want converted and submitted for transcription.