Voice Note Transcriber

Pass

Audited by ClawScan on May 12, 2026.

Overview

The skill's code matches its stated purpose, but running it gives it email/OpenAI credentials, sends matching voice-note audio to OpenAI, writes persistent Obsidian notes, and may mark emails read.

Before installing, make sure you are comfortable giving the skill an email app password and OpenAI key, sending matching voice-note audio to OpenAI, and writing generated transcripts into your Obsidian vault. Use a narrow subject keyword or dedicated mailbox, consider disabling MARK_EMAIL_READ for the first run, and install any missing dependencies from trusted sources.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can access these credentials could read the mailbox or use the OpenAI account; local process observers may also see the OpenAI bearer token while curl is running.

Why it was flagged

The skill necessarily uses mailbox credentials and an OpenAI API key for its stated workflow. The OpenAI key is passed to curl as a command-line argument, which is purpose-aligned but worth noticing on shared systems.

Skill content

EMAIL_PASSWORD = os.getenv("EMAIL_PASSWORD", ""); OPENAI_API_KEY = os.getenv("OPENAI_API_KEY", ""); with Imbox(imap_host, username=EMAIL_ADDRESS, password=EMAIL_PASSWORD, ssl=True, port=imap_port) as imbox; "-H", f"Authorization: Bearer {OPENAI_API_KEY}"

Recommendation

Use an app-specific email password, run on a trusted machine, rotate credentials if exposed, and prefer an implementation that avoids placing API keys in process arguments.

What this means

Voice-note audio that may contain private information leaves the mailbox/local machine and is processed by OpenAI.

Why it was flagged

Matching email audio attachments are uploaded to OpenAI's transcription API. This is disclosed and central to the skill, but it is still a third-party data transfer.

Skill content

"https://api.openai.com/v1/audio/transcriptions", "-F", f"file=@{audio_path}", "-F", "model=whisper-1"

Recommendation

Only run this on audio you are comfortable sending to OpenAI, and narrow the email keyword or mailbox source if needed.

What this means

A broad keyword or unexpected matching email could trigger transcription/API usage and change the read state of mailbox messages.

Why it was flagged

The script processes all unread messages whose subject contains the configured keyword and marks processed messages as read when the default setting is enabled.

Skill content

messages = imbox.messages(unread=True); if VOICE_NOTE_KEYWORD.lower() not in subject.lower(): continue; transcript = transcribe(tmp_path); if MARK_EMAIL_READ: imbox.mark_seen(uid)

Recommendation

Use a specific keyword or dedicated mailbox/folder, review MARK_EMAIL_READ before first run, and consider adding sender, size, or count limits for automation.

What this means

If a malicious or misleading voice note is transcribed into the vault, future users or agents reading the vault could over-trust that content.

Why it was flagged

Email-derived subject, sender, and transcript text are persisted into Obsidian notes. This is the intended output, but the stored content may later be reused as trusted context.

Skill content

content = f"""--- ... email_subject: "{subject}" ... email_from: "{sender}" ... {transcript} ... """; with open(filepath, "w", encoding="utf-8") as f: f.write(content)

Recommendation

Treat generated transcripts as untrusted until reviewed, especially before using the Obsidian vault as AI context or automation input.

What this means

The skill may fail until extra dependencies are installed, and users may need to choose dependency sources themselves.

Why it was flagged

The script depends on imbox and curl even though the supplied requirements list only python3 and there is no install spec. This is a packaging/provenance gap, not evidence of malicious behavior.

Skill content

from imbox import Imbox  # lazy import; cmd = ["curl", "-sS", "https://api.openai.com/v1/audio/transcriptions", ...]

Recommendation

Install missing dependencies only from trusted sources, and prefer a future package version that declares and pins its runtime requirements.