Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Voice Memo Transcribe
v1.1.0Transcribe Apple Voice Memos recordings to text, organize content, and save to Apple Notes. Workflow: iPhone Voice Memos → iCloud sync → Mac Voice Memos DB →...
⭐ 0· 43·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (transcribe Voice Memos → Notes) match the included scripts: listing memos from the Voice Memos DB, extracting embedded transcripts from .m4a, running faster-whisper transcription, and saving notes via AppleScript. Requested tools (ffmpeg, uv, faster-whisper) are appropriate for audio processing and local model runtime.
Instruction Scope
SKILL.md explicitly instructs reading the Voice Memos DB and audio files under ~/Library/Group Containers/... and writing a temporary file to /tmp before invoking osascript to create Notes. These actions are necessary for the described workflow, but granting Full Disk Access to the terminal (required to read the DB) is a broad permission — the instructions correctly call it out.
Install Mechanism
No install spec is provided (instruction-only), and included scripts are plain Python. The skill depends on third-party Python package faster-whisper and the uv runner; those are referenced by the runtime commands but not automatically installed—this is low-risk but means the user will install packages locally. Note: faster-whisper may download model weights from the internet when loading a model.
Credentials
No environment variables or external credentials are requested. The only sensitive permission required is Full Disk Access to read the Voice Memos DB and audio files; that is proportional to the task but worth user attention. There are no hard-coded network endpoints or secret-exfiltration behaviors in the code.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system changes. It does create temporary files in /tmp and uses osascript to write Notes (expected for the stated purpose). It does not modify other skills or system-wide configs.
Assessment
This skill appears to do what it says: read your Mac's Voice Memos DB, transcribe audio locally with faster-whisper, and create Notes via AppleScript. Before installing: 1) Understand Full Disk Access grants the terminal broad file-read rights—only grant it if you trust the code and source. 2) faster-whisper may download large model files from the internet; expect network activity and disk usage. 3) Review the three included Python scripts yourself (they are small and readable) or run them manually on a test memo before automating. 4) If you prefer to limit risk, run the scripts in an isolated environment (temporary user account, VM, or container) and verify created Notes content. 5) Backup any important Notes/recordings before bulk operations.Like a lobster shell, security has layers — review code before you run it.
latestvk9781r00rpts26dzpt7a3pnv6h84rxcs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.