ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Speech Transcriber | 语音转录器

v1.0.0

语音转文字(Speech-to-Text)工具。 支持从麦克风录音,使用 Whisper(faster-whisper)在本地进行语音转文字, 或通过 OpenAI 兼容 API 进行云端转写。 触发词:录音、语音转文字、STT、语音识别、转写、录音转文字。 适用平台:Linux / Windows / macOS。

0· 18·0 current·0 all-time
by@moroiser
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (speech→text, local Whisper or API) match the shipped scripts and docs. All required operations—recording, local model inference, optional API use—are explained and justified by the skill's purpose.
Instruction Scope
SKILL.md directs installing Python deps, downloading models, recording audio, and (optionally) sending audio to an OpenAI‑compatible API. That external API upload is expected for the 'api' engine, but the docs correctly describe it. The SKILL.md mentions environment variables (OPENCLAW_WORKSPACE, STT_MODEL_PATH, STT_API_URL, STT_API_KEY) even though the registry lists no required env vars; these are optional and used only in API/model-path scenarios.
Install Mechanism
No formal install spec (instruction-only), so installation is user-driven (pip install -r requirements.txt). Model downloads use faster-whisper.download_model which fetches model data from HuggingFace (or a mirror if HF_ENDPOINT set). This is expected for ML models but will download large files from the network and write them to disk.
Credentials
The only sensitive environment variables mentioned are STT_API_KEY and STT_API_URL for optional API use; these are proportional to the 'api' engine. No unrelated credentials or unexpected secrets are requested. OPENCLAW_WORKSPACE and STT_MODEL_PATH are configuration paths only.
Persistence & Privilege
always:false and the skill does not request persistent platform privileges or modify other skills. It writes models and outputs into its skill folder and the user's workspace (as documented), which is expected behavior.
Assessment
This skill appears to do what it says: record audio, run local Whisper inference, or send audio to an OpenAI‑compatible API. Before installing, consider: (1) model downloads are large and will pull files from HuggingFace (or a mirror) into your home/workspace; ensure you have disk space and network allowance, (2) if you use the API engine you will transmit audio and must provide STT_API_KEY/STT_API_URL — only supply keys you trust and understand the privacy implications, (3) install the Python requirements in a virtual environment (pip install -r requirements.txt) to avoid affecting system packages, and (4) the scripts write recordings and transcriptions under ~/.openclaw/workspace by default — check that location if you want to manage or delete data. Minor notes: there are small code issues (e.g., duplicate import name in record_and_transcribe.py) but nothing that indicates malicious intent.

Like a lobster shell, security has layers — review code before you run it.

latestvk977v80w9fwk4jwqzqvqaxr3kn84938s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments