ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Whisper Local Api

v1.0.0

Secure, offline, OpenAI-compatible local Whisper ASR endpoint for OpenClaw. Features faster-whisper (large-v3-turbo), built-in privacy with no cloud telemetr...

0· 428·0 current·0 all-time
byRoman Slysh@hantok
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims '100% offline & private' but the provided bootstrap script clones a remote GitHub repository (default REPO_URL) and runs code from that repo. Model weights and runtime behavior are not included in the skill bundle, so network access will be required to obtain the server code and likely model files—this contradicts the offline guarantee in the description.
!
Instruction Scope
Runtime instructions direct the operator to run bootstrap.sh, start.sh, healthcheck.sh, and a smoke-test. bootstrap.sh creates a venv and runs 'pip install -r requirements.txt' from the cloned repo; start.sh invokes an external run_server.sh from the cloned repo. The skill executes code that is not bundled with the skill (the remote repo) which may perform arbitrary operations (network I/O, telemetry, filesystem changes). The included scripts use curl only against localhost, but there is no assurance the remote repo will not contact external endpoints.
Install Mechanism
No registry install spec is declared, but bootstrap.sh clones a GitHub repository (https://github.com/Hantok/local-whisper-backend.git by default) and installs Python packages from its requirements.txt. GitHub is a well-known host (lower risk than arbitrary IPs or paste sites), but cloning + pip install means remote code will be fetched and executed—this is a moderate install risk and requires network access.
Credentials
The skill declares no required credentials or sensitive env vars. It does accept optional overrides (WHISPER_DIR, WHISPER_REPO_URL, WHISPER_HEALTHCHECK_URL, WHISPER_API_URL). No secrets are requested. Note: WHISPER_REPO_URL can be set to any repository, which if misused could cause arbitrary code to be installed.
Persistence & Privilege
The skill does not request always:true, does not modify other skills' configs, and does not request elevated or persistent platform privileges. start.sh launches run_server.sh as a background process under the user account; there is no automatic systemd/cron installation in the provided scripts.
What to consider before installing
This skill appears to implement a local Whisper API but relies on cloning and running code from a remote repository and installing Python packages, which undermines the '100% offline' claim. Before installing: (1) inspect the remote repository (the default repo URL or any WHISPER_REPO_URL you set) and review its run_server.sh and requirements.txt for network calls or telemetry; (2) run the bootstrap/start steps inside a disposable VM or container; (3) be prepared that model weights may be downloaded at runtime (network access) and could be large; (4) if you need strict offline guarantees, obtain vetted offline artifacts (server code and model files) and set WHISPER_DIR to a local copy instead of cloning; (5) avoid supplying third-party WHISPER_REPO_URLs unless you trust the source.

Like a lobster shell, security has layers — review code before you run it.

latestvk97em81ray2q2ffcrdgqd2en8d81phpa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments