Faster Whisper

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherently focused on local speech-to-text, with disclosed setup, downloader, and optional Hugging Face token use that users should review but no artifact-backed malicious behavior.

This appears safe to use for its stated purpose. Before installing, be aware that setup installs Python ML packages, URL/RSS transcription downloads external media, and diarization may use your Hugging Face token. Use the minimal flags needed and keep transcription outputs private if the audio contains sensitive content.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on a URL or feed, the skill may download external media before transcribing it.

Why it was flagged

The skill can fetch remote media via yt-dlp/RSS as part of transcription. This is disclosed and purpose-aligned, but users should provide trusted URLs and expect network downloads.

Skill content

Transcribe from URLs — YouTube links and direct audio URLs (auto-downloads via yt-dlp); Transcribe podcast feeds — `--rss <feed-url>` fetches and transcribes episodes

Recommendation

Use URL/RSS features only for sources you intend to download and transcribe; otherwise use local-file transcription.

What this means

Using diarization may rely on your local Hugging Face authentication token.

Why it was flagged

The skill declares optional use of a local Hugging Face token path for diarization-related functionality. This is expected for pyannote-style speaker diarization, but it is still credential access.

Skill content

"optionalPaths": ["~/.cache/huggingface/token"]

Recommendation

Only enable diarization or provide `--hf-token` when needed, and avoid pasting tokens into prompts or shared logs.

What this means

Installing the skill can bring in third-party Python package code from the package index.

Why it was flagged

The Python dependency is version-ranged rather than pinned exactly, so setup may install a newer dependency release. This is common for Python ML tools but is a supply-chain consideration.

Skill content

faster-whisper>=1.2.1

Recommendation

Install in the provided virtual environment, review dependencies if you require reproducibility, and pin versions locally if needed.

What this means

Running setup executes local shell commands and modifies the skill directory by creating a virtual environment.

Why it was flagged

The setup script creates a local virtual environment and later installs dependencies. This is a user-directed install flow and matches the local ML transcription purpose.

Skill content

if command -v uv &> /dev/null; then
    uv venv "$VENV_DIR" --python python3
else
    python3 -m venv "$VENV_DIR"
fi

Recommendation

Run setup only from the skill directory you trust, and avoid running it with elevated privileges unless you have a separate reason.