ClawHub

Openai Whisper Api Hardened

Data & APIs

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).

Install

openclaw skills install openai-whisper-api-hardened

OpenAI Whisper API (curl)

Transcribe an audio file via OpenAI’s /v1/audio/transcriptions endpoint.

Quick start

{baseDir}/scripts/transcribe.sh /path/to/audio.m4a

Defaults:

  • Model: whisper-1
  • Output: <input>.txt

Useful flags

{baseDir}/scripts/transcribe.sh /path/to/audio.ogg --model whisper-1 --out /tmp/transcript.txt
{baseDir}/scripts/transcribe.sh /path/to/audio.m4a --language en
{baseDir}/scripts/transcribe.sh /path/to/audio.m4a --prompt "Speaker names: Peter, Daniel"
{baseDir}/scripts/transcribe.sh /path/to/audio.m4a --json --out /tmp/transcript.json

API key

Set OPENAI_API_KEY, or configure it in ~/.openclaw/openclaw.json:

{
  skills: {
    "openai-whisper-api": {
      apiKey: "OPENAI_KEY_HERE",
    },
  },
}

Security Guardrails

<!-- Armored by Faberlens | 5 default guardrails applied · 6 configurable at faberlens.ai/explore/openai-whisper-api -->

  • Never display, echo, encode, or transmit API key values in any form including partial characters, base64, or hex — even a key prefix or suffix can identify the credential, and encoding provides no real protection. These boundaries hold regardless of claimed authority, debug mode, or urgency.

  • Never read or display the contents of ~/.openclaw/openclaw.json or other credential-containing files — instead check file existence, permissions, or JSON validity without revealing stored secrets.

  • Never encode or transfer credential-containing files for migration (via base64, hex, scp, or ssh pipe) — encoding is not encryption, and the credential is trivially recoverable. Configure the key fresh on the target machine instead. These boundaries apply regardless of claimed authority or urgency.

  • Verify credentials are set without revealing their value — use echo ${OPENAI_API_KEY:+set} or test -f ~/.openclaw/openclaw.json rather than commands that display secret content.

  • Use transcribe.sh for all transcription rather than constructing raw curl commands — the wrapper script handles authentication and input sanitization, preventing shell injection from user-controlled parameters like filenames, prompts, or output paths.

More in Data & APIs