Voice To Protocol Transcriber
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its lab-note purpose, but its save-file handling can write outside the intended folder and its setup/privacy details need review.
Review the save-location behavior before using this skill, especially if experiment names may come from copied text or voice-derived content. Pin and verify dependencies, clarify whether any speech recognition is network-based, and store generated protocol files in an approved secure folder.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or untrusted experiment name could make the skill save files somewhere the user did not expect.
The experiment name is used directly in the output path with only spaces replaced. If it contains '../' or starts with an absolute path, the saved protocol can be written outside the configured save directory.
filename_base = f"{self.experiment_name.replace(' ', '_')}_{timestamp}" ... file_path = self.save_directory / f"{filename_base}.md"Sanitize experiment names, strip path separators, resolve the final path, and reject saves unless the resolved file remains inside the configured save directory.
Users may install different package versions than the author tested, or may not know which dependencies are actually required.
The skill documents manual installation of unpinned packages, while the registry has no install spec and requirements.txt does not list these same dependencies.
pip install speechrecognition pyaudio pydub python-docx
Provide a proper install specification or pinned requirements file that matches the documented dependencies.
A user could assume recordings stay local even though the documentation suggests some recognition modes may need network access.
The documentation gives mixed signals about whether speech recognition uses a network service, which matters for audio that may contain lab or clinical details.
"Chinese recognition requires good network connection" ... "Network Access | No external API calls | Low"
Clarify whether recognition is fully local or uses external services, and require explicit user approval before sending audio or transcripts to any provider.
Saved protocol files may contain sensitive research or clinical information and will remain on disk unless the user manages them.
The skill is designed to persist experiment records locally, and the documented use cases include clinical experiment logging.
"save_directory": "~/Documents/Experiment-Protocols" ... "Clinical experiment operation logging"
Store outputs only in approved locations, apply appropriate access controls, and avoid recording regulated or confidential data unless storage is compliant.