ClawHub

MH openai-whisper-api

v1.0.0

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).

0· 440·0 current·0 all-time
by@mohdalhashemi98-hue
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (curl), required env var (OPENAI_API_KEY), and provided script all align with a Whisper transcription client that calls OpenAI's audio/transcriptions API.
Instruction Scope
SKILL.md and the script only instruct uploading a provided audio file to api.openai.com and writing the response to a local file. The README suggests an alternate place to store the API key (~/.openclaw/openclaw.json) for user convenience, but the script itself only reads OPENAI_API_KEY from the environment. There are no instructions to read arbitrary system files or send data to other endpoints.
Install Mechanism
Instruction-only skill with no install spec and a small helper script; no downloads or extraction steps. This is low-risk from an install perspective.
Credentials
Only OPENAI_API_KEY is required, which is appropriate for calling OpenAI's API. No other credentials, system config paths, or unrelated environment variables are requested. The key is used directly in an Authorization header to call OpenAI — expected behavior.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. It does not modify other skills or system configuration.
Assessment
This skill simply uploads a local audio file to OpenAI's transcription endpoint using curl and your OPENAI_API_KEY. Before installing, consider: (1) Privacy — your audio is sent to OpenAI; don't upload sensitive audio unless you're comfortable with OpenAI's handling and retention policies. (2) Keep your OPENAI_API_KEY secret and revoke it if compromised. (3) The SKILL.md mentions storing a key in ~/.openclaw/openclaw.json for convenience, but the script only reads the OPENAI_API_KEY environment variable — ensure you understand how your platform provides keys. (4) Verify network access to api.openai.com and that curl is the expected binary on your system. The included shell script is short, readable, and not obfuscated; no other endpoints or hidden behaviors were found.

Like a lobster shell, security has layers — review code before you run it.

latestvk9713wvjv45003zj436kphzqtn81vtmr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
Binscurl
EnvOPENAI_API_KEY
Primary envOPENAI_API_KEY

Comments