Whisper Tailnet API

v0.1.1

Consume the shared Whisper speech-to-text API over Tailnet at http://100.92.116.99:8765 using OpenAI-compatible audio transcription endpoint (/v1/audio/trans...

⭐ 0· 301·0 current·0 all-time

by@lotfinity

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

Name/description (Whisper STT over Tailnet) aligns with the runtime instructions: curl POST of raw audio to /v1/audio/transcriptions on 100.92.116.99:8765. The skill does not ask for unrelated capabilities or credentials.

Instruction Scope

SKILL.md instructs the agent to read local audio files and POST them (binary) to http://100.92.116.99:8765/v1/audio/transcriptions. This will transmit user audio to an external/unvetted host, over plain HTTP (no TLS) and no auth. That is expected for a transcription skill but presents privacy/exfiltration risk because the target host is an unknown Tailnet address with no provenance or homepage.

✓

Install Mechanism

Instruction-only skill with no install spec or code files — nothing is written to disk or installed by the registry package itself, which minimizes supply-chain risk.

ℹ

Credentials

No environment variables or credentials are requested, which is proportionate. However, absence of auth means the endpoint accepts unauthenticated uploads — combined with the unknown host this increases privacy risk.

✓

Persistence & Privilege

Skill is not always-enabled and does not request any persistent/system privileges. It is user-invocable and can be invoked autonomously per platform defaults (not a unique risk by itself).

What to consider before installing

This skill simply tells the agent to upload audio files to http://100.92.116.99:8765 (a private/Tailnet IP). Before using it, verify who operates that server and that you trust them to receive your audio. Do not send sensitive or confidential audio until you confirm ownership and security (prefer HTTPS and authenticated endpoints). If you cannot verify the host, test with harmless short clips only, or host/route transcription through a trusted service (official Whisper/OpenAI or your own server). Be aware agents will read the specified local audio file paths and transmit their contents. If you need help verifying the server (ownership, TLS, auth), get that information from the skill author or network administrator before enabling it.

Like a lobster shell, security has layers — review code before you run it.

latestvk9760zfbpew0160q05hcndjskx82a6nbopenclawvk976qexcpn87fnabbtf81ajy4d826w2asttvk976qexcpn87fnabbtf81ajy4d826w2atailnetvk976qexcpn87fnabbtf81ajy4d826w2awhispervk976qexcpn87fnabbtf81ajy4d826w2a

301downloads

0stars

2versions

Updated 1mo ago

v0.1.1

MIT-0

Whisper STT API over Tailnet (OpenAI-compatible)

Use this guide to call the shared Whisper server.

Endpoint

Base URL: http://100.92.116.99:8765
Health: GET /health
Transcribe: POST /v1/audio/transcriptions (raw binary body)

Quick health check

curl -sS http://100.92.116.99:8765/health

Transcribe audio (recommended)

curl -sS -X POST \
  --data-binary @/path/to/audio.wav \
  "http://100.92.116.99:8765/v1/audio/transcriptions?ext=.wav"

Time the request

time curl -sS -X POST \
  --data-binary @/path/to/audio.wav \
  "http://100.92.116.99:8765/v1/audio/transcriptions?ext=.wav"

Notes

Prefer this OpenAI-compatible route over /transcribe on this host.
Pass file type via ext query (example: .wav, .mp3, .m4a).
Use language query when known to improve accuracy.

Expected response shape

{
  "text": "transcribed text...",
  "model": "turbo"
}

Comments

Loading comments...