Transcribe
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The Docker image built during installation can vary over time depending on upstream package and model changes.
The manual installer pulls an unpinned Docker base image, installs an unpinned Python package, and pre-downloads a model during build. This is expected for a local Whisper setup, but the install-time inputs are not pinned.
FROM python:3.11-slim
RUN pip install --no-cache-dir faster-whisper
RUN python3 -c "from faster_whisper import WhisperModel; WhisperModel('small', device='cpu', compute_type='int8')"Build only in a trusted environment and consider pinning the Docker image, Python package version, and model source before installation.
The advertised transcribe command may not install successfully, and the intended wrapper behavior is not available for review in the provided artifacts.
The installer copies a scripts/transcribe wrapper, but the provided file manifest includes only SKILL.md and scripts/install.sh. SKILL.md also references scripts/transcribe, so the package appears incomplete.
sudo cp "$SCRIPT_DIR/transcribe" /usr/local/bin/transcribe
Obtain and review a complete package including scripts/transcribe before running the installer.
Running the installer can add or replace a system-wide command named transcribe.
The install step requests elevated privileges to write an executable into a system command directory. This is a common CLI install pattern and is purpose-aligned, but it affects a privileged path.
sudo cp "$SCRIPT_DIR/transcribe" /usr/local/bin/transcribe sudo chmod +x /usr/local/bin/transcribe
Review the installed wrapper first, or install to a user-local bin directory if you do not want system-wide changes.