Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Speech to Text

v1.0.0

Transcribe or translate audio files to text using a public Hugging Face Whisper Space over Gradio. Use when the user sends voice notes, audio attachments, me...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description claim use of a public Hugging Face Whisper Space; the included script and SKILL.md both implement exactly that (upload to a Gradio Space, call predict, wait for result). No unrelated binaries, env vars, or services are requested.
Instruction Scope
Instructions explicitly tell the agent to read a local audio file and upload it to a public Gradio/Hugging Face Space. This is expected for the stated purpose but has privacy implications (documented in guardrails). The skill does not attempt to read other files or arbitrary system state.
Install Mechanism
No install spec; skill is instruction + a small Python script. No external downloads or package installs are performed by the skill itself.
Credentials
No credentials or sensitive environment variables are required. The only optional environment variable (HF_WHISPER_SPACE) is used to override the target space URL and is justified by the purpose.
Persistence & Privilege
Skill is not declared always:true and does not request persistent system privileges. It runs as an on-demand script and does not modify other skills or global agent settings.
Assessment
This skill works as advertised: it reads a local audio file and uploads it to a public Hugging Face Gradio Space for Whisper-based transcription. Before installing or using it, consider privacy and trust: the default endpoint is a third-party public space (hf-audio-whisper-large-v3-turbo.hf.space), so do not send highly sensitive audio unless you accept third-party processing. You can override the space with HF_WHISPER_SPACE or --space to point to a self-hosted or trusted endpoint. Verify the space URL you use is trustworthy, and be aware of rate limits, queueing, and potential outages. The script makes outbound HTTP requests and prints results; review or audit the target space if you need confidentiality guarantees.

Like a lobster shell, security has layers — review code before you run it.

audio · free · latest · speech-to-text · transcription · voice · whisper

