Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Douyin Transcriber

Transcribe speech from audio or video files, automatically extracting audio and converting to text using Docker Whisper ASR for Douyin/TikTok media.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 2 · 0 current installs · 0 all-time installs
by Don Li @don068589
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (Douyin Transcriber using Docker Whisper ASR) matches the SKILL.md workflow (ffmpeg -> Docker container ASR -> curl to localhost). However the registry metadata claims no required binaries or env vars while the instructions clearly require Docker and ffmpeg and recommend container env vars (ASR_MODEL/ASR_ENGINE). This metadata/instruction mismatch is inconsistent.
! Instruction Scope
Instructions ask operators to run 'docker run' to pull and run an HTTP ASR service and to run ffmpeg locally and curl audio to localhost. They do not request unrelated system files or credentials, but they do (a) use an unspecified placeholder PORT, (b) assume ability to run Docker (which implies daemon/root access), and (c) direct pulling/execution of a remote image. The steps grant the container network/host-execution potential that isn't described in metadata.
! Install Mechanism
No formal install spec (instruction-only), but the SKILL.md instructs pulling a Docker image 'onerahmet/openai-whisper-asr-webservice:latest' from Docker Hub. Pulling and running an unpinned, third‑party image (latest tag, unknown maintainer) is higher risk because images can contain arbitrary code. No guidance to pin a digest, verify source, or run the container with reduced privileges.
Credentials
The skill does not request credentials or secret environment variables. It recommends container env vars for model selection (ASR_MODEL, ASR_ENGINE) which are non-sensitive. However, running Docker implies access to the Docker daemon (privileged), which can be used to access the host; that privilege is disproportionate relative to a metadata claim of 'no required binaries'.
Persistence & Privilege
The skill is not marked always:true and has no install that forces persistent presence. It instructs running a container that exposes an HTTP port (user-controlled). The skill itself does not request elevated platform privileges beyond normal Docker usage, but the act of running arbitrary containers increases blast radius if the image is malicious.
What to consider before installing
This skill appears to do what it says (local transcription) but has several practical and security gaps you should address before running it:

  • Metadata mismatch: the SKILL.md requires Docker and ffmpeg but the skill metadata lists none. Assume you need Docker and ffmpeg.
  • Untrusted image: the instructions pull onerahmet/openai-whisper-asr-webservice:latest from Docker Hub. Prefer a well-known repo or a pinned digest (sha256) and inspect the Dockerfile/source before running. Avoid :latest.
  • Run safely: execute the container in an isolated VM or sandbox, not on a critical host. Use --rm, drop capabilities, run as non-root user, bind-mount only the directory with audio (read-only if possible), and restrict network access if you don't want the container to contact the internet.
  • Scan the image: use tools like trivy/snyk/clair to scan the image for vulnerabilities and malware signatures before running.
  • Port and config: the SKILL.md uses a PORT placeholder; confirm what port to expose and avoid binding to privileged or widely routable host ports.
  • Ask the author for provenance: request a homepage or source repository, a specific release/tag or digest, and minimal runtime flags recommended for secure execution. If you cannot verify the image or source, run a locally built, audited ASR container instead.

Given these issues (metadata omissions and an unpinned third‑party Docker image), treat the skill as suspicious until you can verify the container source and run it in a hardened environment.
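One way to apply the pinning, capability and port advice above, as an added example (not part of the skill or the scan output): a small shell wrapper that refuses a tag-only image reference or a privileged port and prints a `docker run` line bound to loopback. The function names, the all-zero digest and port 18080 are constructed placeholders, and whether the image starts with all capabilities dropped is an assumption to test first.

```shell
#!/bin/sh
# Added example: prints a hardened `docker run` line; it never runs Docker itself.

# is_pinned REF -> 0 only if REF ends in @sha256:<64 lowercase hex chars>
is_pinned() {
    digest=${1##*@sha256:}
    [ "$digest" != "$1" ] || return 1        # no @sha256: part (e.g. :latest)
    [ "${#digest}" -eq 64 ] || return 1      # truncated or padded digest
    case $digest in *[!0-9a-f]*) return 1 ;; esac
    return 0
}

# valid_port N -> 0 only if N is an integer in 1024..65535 (non-privileged)
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# hardened_run IMAGE_REF PORT
# Same env vars and container name as the SKILL.md command, but:
#   digest-pinned image, loopback-only publish, no capabilities,
#   no privilege escalation, container removed on stop.
hardened_run() {
    is_pinned "$1" || { echo "refusing: image not pinned by digest: $1" >&2; return 2; }
    valid_port "$2" || { echo "refusing: port must be 1024-65535: $2" >&2; return 3; }
    printf '%s %s %s %s\n' \
        "docker run -d --rm --name whisper-asr" \
        "--cap-drop ALL --security-opt no-new-privileges" \
        "-p 127.0.0.1:$2:$2 -e ASR_MODEL=small -e ASR_ENGINE=faster_whisper" \
        "$1"
}

# Constructed placeholder digest (64 zeros): replace with the digest you verified.
PLACEHOLDER_REF="onerahmet/openai-whisper-asr-webservice@sha256:$(printf '%064d' 0)"
SAMPLE_PORT=18080   # constructed; the page leaves the real value as PORT

hardened_run "$PLACEHOLDER_REF" "$SAMPLE_PORT"
# The reference used in the SKILL.md is rejected because it is tag-only:
hardened_run "onerahmet/openai-whisper-asr-webservice:latest" "$SAMPLE_PORT" || true
```

Publishing on 127.0.0.1 keeps the unauthenticated /asr endpoint off other network interfaces; the curl commands in the workflow still work unchanged against localhost.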

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.5


SKILL.md

Douyin Transcriber

Transcribe audio/video files to text using local Docker Whisper ASR.

Quick Start

curl -X POST "http://localhost:PORT/asr" -F "audio_file=@/path/to/video.mp4"

The container has built-in ffmpeg for automatic audio extraction.

Prerequisites

Tool | Purpose | Install
Docker | Whisper ASR | Docker Desktop
ffmpeg | Audio extraction | winget install Gyan.FFmpeg

Deploy Whisper ASR:

docker run -d -p PORT:PORT -e ASR_MODEL=small -e ASR_ENGINE=faster_whisper --name whisper-asr onerahmet/openai-whisper-asr-webservice:latest

Workflow

Step 1: Extract Audio from Video

ffmpeg -i video.mp4 -ar 16000 -ac 1 -c:a pcm_s16le audio.wav -y

Parameters:

  • -ar 16000: 16kHz sample rate
  • -ac 1: Mono channel
  • -c:a pcm_s16le: 16-bit PCM

Step 2: Transcribe

curl -X POST "http://localhost:PORT/asr" -F "audio_file=@audio.wav"

Optional: specify language

curl -X POST "http://localhost:PORT/asr" -F "audio_file=@audio.wav" -F "language=zh"

Step 3: Parse Result

Response format:

{
  "text": "Transcribed content...",
  "segments": [
    {"start": 0.0, "end": 2.5, "text": "First sentence"},
    {"start": 2.5, "end": 5.0, "text": "Second sentence"}
  ],
  "language": "zh"
}

Model Selection

Model | Size | 5-min video | Accuracy
tiny | 75MB | ~30s | Fair
base | 142MB | ~1min | Good
small | 466MB | ~3min | Better (recommended)
medium | 1.5GB | ~8min | Best

Change model via environment variable: -e ASR_MODEL=medium

Supported Formats

Video: mp4, mkv, avi, mov, flv, wmv, webm, m4v

Audio: wav, m4a, mp3, aac, ogg, flac, wma, opus

Troubleshooting

Issue | Solution
Docker not available | Install Docker Desktop
Container start fails | Check port availability
Transcription timeout | Use smaller model or split audio
ffmpeg not found | winget install Gyan.FFmpeg

Related Modules

  • douyin-fetcher - Video download
  • douyin-analyzer - Content analysis
  • douyin-orchestrator - Workflow coordination
