Whisper Transcribe

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to be a straightforward local Whisper transcription wrapper, with the main caveat that it depends on external tools and a model download.

Before installing, make sure you are comfortable installing openai-whisper and ffmpeg from trusted sources and allowing Whisper to download its model. The skill otherwise appears to process user-selected audio locally and write transcript files to a chosen directory.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing or running the skill requires trusting the local Whisper and ffmpeg tools and allowing Whisper to download a model file.

Why it was flagged

The skill relies on external software installation and a model download, while the registry metadata does not declare required binaries. This is normal for a Whisper wrapper, but users should trust and manage those dependencies.

Skill content

- `whisper` CLI (`pip install openai-whisper`)
- `ffmpeg` (for audio decoding)
- First run downloads the model (~150MB for base)

Recommendation

Install openai-whisper and ffmpeg from trusted sources, consider pinning package versions, and be aware of the initial model download.

ASI05: Unexpected Code Execution
Info
What this means

Running transcription will execute the local Whisper CLI and create transcript files.

Why it was flagged

The script executes the local `whisper` command on user-provided audio files. This is central to the stated purpose, uses shell arrays rather than eval, and does not show hidden or unrelated execution.

Skill content

`if whisper "${args[@]}" "$file" 2>&1; then`

Recommendation

Run it only on files you intend to transcribe and verify that the `whisper` command on your PATH is the expected trusted binary.