Transcribe audio files via OpenRouter using audio-capable models
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: openrouter-transcribe Version: 1.0.0 The skill bundle is benign. It transparently uses standard system binaries (ffmpeg, base64, jq, curl) to convert audio, encode it, and send it to the OpenRouter API for transcription. The `OPENROUTER_API_KEY` is read from the environment and used for authentication with the legitimate `openrouter.ai` endpoint, which is the stated purpose. There is no evidence of data exfiltration beyond the necessary API key, malicious execution, persistence mechanisms, or prompt injection attempts against the OpenClaw agent. All operations are clearly defined and aligned with the skill's description.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests may be billed to or associated with your OpenRouter account.
The script uses the user's OpenRouter API key as a bearer token to authenticate the transcription request. This is expected for an OpenRouter integration and no unrelated credential use is shown.
-H "Authorization: Bearer $OPENROUTER_API_KEY"
Use an OpenRouter key intended for this purpose, keep it private, and monitor provider usage if cost or quota matters.
Any audio you transcribe leaves your machine and is processed by OpenRouter and the selected model provider.
The skill clearly discloses that audio content is sent to OpenRouter for transcription. This is purpose-aligned, but audio files can contain private or sensitive information.
Sends to OpenRouter chat completions with `input_audio` content
Only use this skill for audio you are comfortable sending to OpenRouter, and review OpenRouter/model-provider privacy and retention policies for sensitive recordings.