HN Podcast Archive
v1.0.0Automate podcast archiving by detecting new HN episodes from RSS, downloading audio, transcribing locally with Whisper, and generating markdown archives with...
⭐ 0· 51·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (archive HN podcast episodes, download audio, transcribe with Whisper, write markdown) match the included files and declared runtime expectations. The script requires feedparser, ffmpeg, and a 'whisper' CLI which are appropriate for this task.
Instruction Scope
SKILL.md and references document only RSS fetching, downloading audio, local transcription, writing files (audio/, transcripts/, episodes/, state.json, run-log.jsonl, index.md), and scheduling. The script reads/writes only under the specified output directory and does not access unrelated system paths, environment variables, or external endpoints other than fetching RSS and episode audio.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. The code expects external binaries ('ffmpeg' and 'whisper') and the Python feedparser package; these are reasonable but require the operator to install and vet. The 'whisper' CLI is invoked via subprocess — ensure the binary on PATH is the intended transcription tool (the script will execute whatever 'whisper' refers to).
Credentials
The skill requests no environment variables, credentials, or config paths. The script operates on a provided output directory and does network fetches for the RSS and audio files only, which is proportionate to the stated purpose.
Persistence & Privilege
Flags show no forced permanence (always:false) and no modifications to other skills or system-wide settings. The skill writes only to its own output directory and state/log files as described.
Assessment
This skill appears coherent for archiving/transcribing podcasts, but take these practical precautions before installing or scheduling it: 1) Verify and install 'whisper' and 'ffmpeg' from trusted sources — the script will run the 'whisper' binary found on PATH, so a malicious binary with that name would be executed. 2) Run the script manually with --dry-run and a test feed and output directory to confirm behavior before scheduling. 3) Use a dedicated output directory (not a system or home root) and consider an isolated environment (virtualenv, container) for Python deps. 4) Inspect and trust the RSS feed sources you give the script; it will download and store audio from those URLs. 5) Pin feedparser and any other runtime components as you deploy. If you want higher assurance, request an install spec or signed release for the whisper/ffmpeg binaries you plan to use.Like a lobster shell, security has layers — review code before you run it.
latestvk971j9t9azp2fy101k1anm36w584e6dd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.