Back to skill
Skillv1.0.0
VirusTotal security
MH openai-whisper-api · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:30 AM
- Hash
- d5996f46414aecf430eaa7513d2af157745deb3122bf7b099d0c7a25eb1a8753
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: mh-openai-whisper-api Version: 1.0.0 The skill bundle is designed to transcribe audio using the OpenAI Whisper API, a legitimate function. The `SKILL.md` provides clear instructions and examples without any malicious prompt injection attempts. The `scripts/transcribe.sh` script correctly handles user input by properly quoting variables (`"$in"`, `"$out"`, `"${model}"`, etc.) when used in shell commands and by passing parameters to `curl` as form fields (`-F`), which prevents shell injection. There is no evidence of data exfiltration beyond the stated purpose (sending audio to OpenAI), persistence, obfuscation, or other malicious behaviors.
- External report
- View on VirusTotal