Back to skill
Skillv1.0.1
ClawScan security
Telnyx Stt · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:41 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it transcribes local audio by sending it (with TELNYX_API_KEY) to Telnyx's API and requests only the credential and python3 that it needs.
- Guidance
- This skill is coherent with its stated purpose, but review these practical points before installing: (1) the script will send the audio file and your TELNYX_API_KEY to Telnyx's API — only use it with audio you are allowed to transmit and with a key you trust. (2) The source is 'unknown' — consider rotating the API key after first use and run the script in an isolated environment if you have strong privacy concerns. (3) The implementation manually constructs multipart payloads (works but is simple); for production use you may prefer an official SDK. (4) If you need auditability or to avoid transmitting sensitive audio, do not use this skill or sanitize data before sending.
Review Dimensions
- Purpose & Capability
- okName/description (Telnyx STT) match the code and SKILL.md. The only required credential is TELNYX_API_KEY and the only network endpoint contacted is https://api.telnyx.com/v2/ai/audio/transcriptions — all are appropriate for a Telnyx STT wrapper.
- Instruction Scope
- okSKILL.md instructs the agent to run the included Python script on a given audio file. The script reads only the specified audio file and the TELNYX_API_KEY environment variable and posts them to Telnyx; it does not read other files, system paths, or extra environment variables.
- Install Mechanism
- okNo install spec is provided (instruction-only with a small script). Nothing is downloaded or extracted at install time, minimizing installation risk.
- Credentials
- okOnly TELNYX_API_KEY is required and declared as the primary credential. That is proportionate to making authenticated API calls to Telnyx. No unrelated credentials or excessive env access are requested.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request special persistent or system-level privileges. It does not modify other skills or system configurations.