ANY WHISPER API
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a straightforward transcription helper, but it sends the audio file you choose and your Whisper API key to the configured or default transcription endpoint.
Install only if you are comfortable sending chosen audio files to the configured Whisper-compatible service. Verify WHISPER_API_HOST, protect WHISPER_API_KEY, and choose output paths carefully to avoid overwriting important files.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the key is exposed or sent to an untrusted host, someone could use or capture the user's Whisper-compatible API credential.
The helper sends the configured API key as a bearer token to the transcription API. This is expected for the stated purpose, but it is still credential-bearing account access.
-H "Authorization: Bearer $WHISPER_API_KEY"
Set WHISPER_API_HOST only to a trusted endpoint, store WHISPER_API_KEY securely, and rotate the key if it is accidentally exposed.
Audio files may contain private conversations or personal data and will be processed by the configured transcription service.
The selected audio file is uploaded to the configured Whisper-compatible host, or to the OpenAI default if no host is set. This is the core transcription function, but it crosses a data boundary.
curl -sS ${WHISPER_API_HOST:-https://api.openai.com}/v1/audio/transcriptions ... -F "file=@${in}"Use a trusted local server for sensitive audio, or review the provider's privacy practices before transcribing files that contain private information.