Earnings Call Processor
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill executes the installed Whisper command and processes the selected audio file on the local machine.
The script runs an external local CLI on a user-provided audio path. It uses an argument list rather than shell=True and is central to the transcription workflow, so this is expected but still noteworthy local command execution.
cmd = ["whisper", str(audio_path), "--model", model, "--output_format", "txt", ...]; result = subprocess.run(cmd, capture_output=True, text=True)
Install Whisper from a trusted source, run the command only on files you intend to process, and avoid using broad or shared output directories.
Security depends partly on the Whisper and pandas installations present in the user environment.
The skill relies on external runtime dependencies, but the supplied artifacts do not include a pinned install spec or lockfile. This is common for instruction-oriented skills but leaves dependency provenance to the user.
"requires": { "bins": ["whisper"], "python": [">=3.10"], "packages": ["pandas"] }Use trusted package sources and known-good versions for Whisper and pandas before running the script.
If the Feishu publishing step is used, generated call transcripts and financial summaries may be stored in a Feishu workspace under the user's account.
The generated report is intended to be handed to another skill/provider for Feishu document creation. This is disclosed and user-directed, but it can share transcript and financial content outside the local environment.
use the feishu-doc skill to publish: python3 /path/to/feishu-doc/scripts/doc_ctl.py create "AAPL Earnings Call Summary" --content "$(cat /tmp/earnings_output/feishu_content.md)"
Inspect the generated markdown and Feishu draft, confirm the target workspace and sharing settings, and avoid publishing confidential call content unintentionally.