Mlx Stt
v0.1.0本地运行 mlx-audio Whisper 模型,将多格式音频转录为文本,支持自动语言检测和时间戳,无需联网或 API 密钥。
⭐ 0· 151·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description match the instructions: it describes local transcription using mlx-audio/Whisper models. However, the SKILL.md requires the mlx-audio Python library (via `uv tool install mlx-audio`) and implies a Python runtime, but the skill metadata does not declare required binaries or environment variables. This is an omission but not inconsistent with the stated purpose.
Instruction Scope
Instructions stay within the STT scope (transcribe/status/reload). They reference local file paths for audio (expected). A few CLI references (e.g., `/voice-stt status`, `/mlx-stt ...`) and a managed pythonEnvMode are mentioned but no metadata lists those tools — the agent or operator should ensure those commands/environments exist before invoking the skill. No instructions request secrets or external data exfiltration.
Install Mechanism
There is no install spec (instruction-only), which is lowest risk. The README instructs running `uv tool install mlx-audio --prerelease=allow` which will download/install a Python package; because the install steps are manual and not part of a packaged installer, verify the provenance of `uv` and `mlx-audio` before running. No suspicious download URLs are present in the SKILL.md.
Credentials
The skill requests no credentials, env vars, or config paths. The declared local-only behavior and lack of secret requirements are proportional to an offline STT capability.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent/global privileges. The config snippet shows it writes its own plugin config under openclaw.json, which is expected and scoped to the plugin.
Assessment
This skill appears to do what it claims (local transcription). Before installing or using it: 1) confirm you have a compatible Python runtime and understand what the `uv` tool is and where it will install packages from; 2) only install `mlx-audio` from a trusted source; 3) ensure the CLI commands referenced (e.g., /mlx-stt, /voice-stt) exist in your environment or that the OpenClaw plugin will provide them; 4) test with non-sensitive audio first and monitor network activity to verify the claim that processing is fully local; 5) if you need the agent to run this autonomously, ensure appropriate safeguards since the skill can access local files you point it to (audioPath). If you want, provide the environment where you will run this (OS, presence of Python/uv) and I can list the exact commands to safely install and verify dependencies.Like a lobster shell, security has layers — review code before you run it.
latestvk974gjncssxhyqfaewb9178pmh833jm3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.