Whisper Stt

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private audio contents could be converted to text and sent into a Feishu workspace or chat without the user clearly choosing where it goes.

Why it was flagged

The skill directs automatic transmission of transcribed audio content to Feishu, but does not specify the recipient, channel, account boundary, or confirmation step. If the agent has Feishu/messaging tools, sensitive transcripts could be posted outside the local transcription context.

Skill content

When the user sends a voice/audio file, automatically:
1. Recognize the speech content
2. Convert it to text
3. Send the text to Feishu

Recommendation

Make Feishu delivery optional and explicit: require user approval, define the exact destination, and document any Feishu permissions or credentials needed.

What this means

Installation may fetch third-party code, system packages, and large model files onto the user's machine.

Why it was flagged

The skill depends on external packages and system tools installed manually. This is expected for a Whisper transcription skill, but versions are not pinned and the registry/install metadata does not declare these requirements.

Skill content

pip3 install openai-whisper
brew install ffmpeg  # macOS
# or: sudo apt install ffmpeg  # Ubuntu

Recommendation

Install dependencies from trusted sources, consider pinned versions or checksums, and declare required packages/binaries in the skill metadata or install spec.