Cloudflare Whisper Worker
v1.0.0Transcribe audio using a deployed Cloudflare Worker Whisper endpoint. Use when converting voice/audio files (wav, mp3, m4a, ogg, webm) to text through the cu...
⭐ 0· 331·0 current·0 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the included script and instructions: they POST raw audio to a Whisper Worker /transcribe route with a Bearer token. However the registry metadata does not declare the required WHISPER_WORKER_TOKEN nor does it list required binaries (the script uses curl and jq), which is an inconsistency between claimed requirements and actual runtime needs.
Instruction Scope
SKILL.md and the script are narrowly scoped to uploading an audio file to the given endpoint and extracting text. They do not attempt to read unrelated files or system credentials. Important runtime behavior: audio bytes (potentially sensitive) and the Authorization token are transmitted to the specified workers.dev host; this is expected for the stated purpose but is an important privacy implication.
Install Mechanism
No install spec and only an included shell script — nothing is downloaded or written during install. Low install risk.
Credentials
The skill requires a bearer token (WHISPER_WORKER_TOKEN) to call the endpoint, but the metadata did not declare any required environment variables. The script also depends on curl and jq which are not declared. Requiring a token to use a third‑party transcription endpoint is proportionate to the purpose, but the missing metadata and the fact that audio and tokens are sent to an externally hosted endpoint raise privacy and trust concerns.
Persistence & Privilege
The skill does not request persistent presence (always is false) and does not modify other skills or system-wide configuration.
What to consider before installing
This skill will upload whatever audio you point it at to the specific worker URL (https://lotfi-whisper-worker.medtouradmin.workers.dev) using a Bearer token. Before installing or using it: 1) Verify and trust the owner/operator of that workers.dev host — do not send sensitive or regulated audio to an unknown third party. 2) Ask the publisher to update metadata to declare WHISPER_WORKER_TOKEN and the required binaries (curl, jq) so you can evaluate requirements upfront. 3) Use a dedicated, scoped token (not a shared account credential), and rotate/delete it after use. 4) If privacy is critical, consider self‑hosting your own worker or using a trusted transcription provider. 5) Ensure curl and jq are available on the machine where you run the script.Like a lobster shell, security has layers — review code before you run it.
latest
Cloudflare Whisper Worker
Use this skill to transcribe audio through the deployed Whisper Worker API.
Endpoint
- Base URL:
https://lotfi-whisper-worker.medtouradmin.workers.dev - Route:
POST /transcribe - Auth:
Authorization: Bearer <API_TOKEN> - Body: raw audio bytes (
--data-binary @file)
Required environment variable
Set token once per shell:
export WHISPER_WORKER_TOKEN="<your_token>"
Transcribe a file (JSON response)
curl -sS -X POST "https://lotfi-whisper-worker.medtouradmin.workers.dev/transcribe" \
-H "content-type: audio/wav" \
-H "authorization: Bearer $WHISPER_WORKER_TOKEN" \
--data-binary "@audio.wav"
Transcribe and return only text
curl -sS -X POST "https://lotfi-whisper-worker.medtouradmin.workers.dev/transcribe" \
-H "content-type: audio/wav" \
-H "authorization: Bearer $WHISPER_WORKER_TOKEN" \
--data-binary "@audio.wav" \
| jq -r '.result.text // .text // .result.response // empty'
Content-Type guide
- WAV:
audio/wav - MP3:
audio/mpeg - M4A:
audio/mp4 - OGG/OPUS:
audio/ogg - WEBM:
audio/webm
Common errors
401 Unauthorized: missing/invalid bearer token400 Empty audio body: file path wrong or empty file400 Send raw audio...: invalid content-type header500: worker/runtime/model error; retry and inspect full JSON
Comments
Loading comments...