Back to skill
Skillv1.0.0
ClawScan security
Whisnap · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 18, 2026, 4:26 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it is an instruction-only wrapper for the Whisnap macOS CLI and asks for no unexpected credentials or installs.
- Guidance
- This skill is a thin, instruction-only helper that expects the official Whisnap macOS app and its CLI symlink. Before installing or using it: (1) confirm you installed Whisnap from the official homepage (https://whisnap.com) to avoid a counterfeit binary; (2) be aware that using --cloud will send audio to Whisnap Cloud under the app's account—don't upload sensitive audio unless you trust the service and account used to sign in; and (3) the CLI will read files you pass to it and reuse models stored under ~/Library/Application Support/com.whisnap.desktop/, which is expected behavior.
Review Dimensions
- Purpose & Capability
- okName/description align with requirements: the skill expects a macOS 'whisnap' CLI installed by the Whisnap app and only documents transcription commands and app-backed model usage.
- Instruction Scope
- okSKILL.md only instructs use of the 'whisnap' binary against user-provided audio/video files, references the app's config path for model reuse, and does not request unrelated files, credentials, or network endpoints beyond Whisnap Cloud (which is handled via the app).
- Install Mechanism
- okNo automated install; install guidance is manual via the official app settings which creates a symlink. Instruction-only skills and a manual install step are low-risk and consistent with the stated purpose.
- Credentials
- okNo environment variables or credentials are required by the skill. Cloud mode is noted but sign-in is handled by the app rather than by providing secrets to the skill, which is proportionate.
- Persistence & Privilege
- okSkill is not forced-always, does not request persistent privileges, and contains no instructions to modify other skills or system-wide settings beyond the app-created CLI symlink.