Faster Whisper Transcription
v1.0.0Transcribes local voice messages to text using Faster Whisper models for fast, privacy-focused speech recognition on audio files.
⭐ 0· 864·3 current·3 all-time
byKhalid Almuraee@kalmuraee
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with using Faster Whisper for local transcription and the SKILL.md asks to pip-install faster-whisper and run a transcription command, which is generally consistent. However the skill provides no code and no explicit source for the 'voice-transcribe' command it instructs you to run, leaving a gap between claimed capability and provided artifacts.
Instruction Scope
Instructions tell the agent/user to run 'pip3 install --break-system-packages faster-whisper' and then run 'voice-transcribe /path/to/audio.ogg'. That install step causes arbitrary remote code to be installed into the system Python environment (the --break-system-packages flag is potentially destructive), and the SKILL.md does not explain where the 'voice-transcribe' CLI comes from or what it will do with the audio (download models, network activity, file writes). The instructions therefore are incomplete and grant broad discretion to install/run third-party code.
Install Mechanism
This is an instruction-only skill, but it explicitly asks to pip-install a third-party package from the network. Installing a pip package is a moderate-risk operation because it downloads and executes code from PyPI (or whatever index pip resolves to). The use of --break-system-packages increases risk by allowing modification of the system Python environment instead of suggesting a virtualenv/containerized install.
Credentials
The skill requests no environment variables, credentials, or config paths. There is no direct request for unrelated secrets or system credentials.
Persistence & Privilege
The skill does not request always:true, does not declare installs that modify other skills or system-wide settings in the registry metadata, and is user-invocable only. No elevated persistence is requested by the manifest.
What to consider before installing
This skill's goal (local transcription using Faster Whisper) is reasonable, but the instructions are incomplete and ask you to install a third-party pip package into your system Python using --break-system-packages. Before installing or running it, consider: 1) Verify the faster-whisper package source (PyPI project page, GitHub repo) and inspect its code or release artifacts; 2) Avoid --break-system-packages — install inside a virtualenv, conda env, or container to isolate changes; 3) Confirm whether the 'voice-transcribe' CLI is provided by that package and what network or model downloads it will perform (model downloads can be large and may contact external servers); 4) Test installation and transcription in a sandboxed VM/container first to ensure no unexpected behavior or data exfiltration; 5) If you cannot verify the package/source, do not run the pip install on a production machine. If you want, provide the package source URL or the exact command the agent will run and I can re-evaluate with more detail.Like a lobster shell, security has layers — review code before you run it.
audiolatesttranscriptionwhisper
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Voice Transcription Skill
Transcribes voice messages using Faster Whisper (local, privacy-first).
Requirements
pip3 install --break-system-packages faster-whisper
Usage
# Transcribe a voice file
voice-transcribe /path/to/audio.ogg
# Or use with media path
voice-transcribe ~/.openclaw/media/inbound/file_xxx.ogg
Models
tiny- Fastest, lowest accuracy (default)base- Balancedsmall- Better accuracymedium- High accuracy (requires more RAM)
Output
Returns transcribed text from voice messages.
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…