ClawHub

Gemini STT

v1.1.0

Transcribe audio files using Google's Gemini API or Vertex AI

2· 3.1k·11 current·11 all-time
by@araa47
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Skill name/description (Gemini/Vertex STT) match the code and runtime instructions. The only mismatch is registry metadata claiming 'no required env vars' while SKILL.md and the script require either GEMINI_API_KEY or Google ADC (gcloud). This is an inconsistency in metadata, not in functionality.
Instruction Scope
Runtime instructions and the script are scoped to reading an audio file, base64-encoding it, and calling Google Gemini or Vertex endpoints. It invokes 'gcloud' only to obtain an access token/project configuration. It does not read unrelated system files or send data to unexpected endpoints.
Install Mechanism
No install spec; the skill is instruction-only with a single Python script that uses only the standard library. Low risk from installation artifacts.
Credentials
Authentication requirements (GEMINI_API_KEY or gcloud ADC and possibly GOOGLE_CLOUD_PROJECT/CLOUDSDK_CORE_PROJECT) are appropriate for contacting Gemini/Vertex. However, the skill metadata declares no required environment variables or primary credential, which is inaccurate and could mislead users about needed credentials.
Persistence & Privilege
The skill does not request permanent inclusion (always:false), does not modify other skills or system settings, and does not persist credentials. It runs commands locally (gcloud) but does not escalate privileges or change system-wide configuration.
Assessment
This skill is coherent with its stated purpose, but before installing: (1) be aware it requires authentication—either set GEMINI_API_KEY or run 'gcloud auth application-default login' and ensure a proper GCP project is configured; the registry metadata currently omits these requirements. (2) Using ADC (gcloud) will cause the script to call 'gcloud auth print-access-token' and use your ADC permissions to call Vertex; prefer a least-privilege service account or isolated environment if you are concerned about exposing broader GCP credentials. (3) GEMINI_API_KEY should be stored securely (not in world-readable files). (4) Review and run the script in a safe environment if you want to inspect network calls; endpoints contacted are standard Google APIs (generativelanguage.googleapis.com and *.aiplatform.googleapis.com). If you need the metadata fixed or want the skill to declare GEMINI_API_KEY / GOOGLE_CLOUD_PROJECT as required, request that from the publisher before trusting it in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk9760rgpgzx1whkz2gjdd5wfxh7zd29b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎤 Clawdis
OSLinux · macOS

Comments