Audio2Text
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The API key may allow use of the user's Tinrec account quota or paid plan if it is left on disk or reused.
The skill requires a user-provided Tinrec API key and instructs the agent to save it to a local file for later CLI use. This is purpose-aligned, but it is still credential handling and persistence.
claw需要将用户发送的key保存至api-keys文件后使用cli模式进行调用,调用时通过 `--api-keys-file` 指定该文件
Use a dedicated Tinrec key if possible, avoid sharing broader account credentials, and delete or rotate the api-keys file/key when no longer needed.
Private meetings, interviews, or recordings provided to the skill will be sent to Tinrec/cloud infrastructure for processing.
The CLI reads the local audio file and uploads its full contents to a signed cloud upload URL before requesting transcription.
with open(path, "rb") as f: body_bytes = f.read(); put_status = _http_put(signed_url, body_bytes, timeout=120)
Only use this with recordings you are comfortable uploading to Tinrec, review the provider's privacy terms for sensitive audio, and keep the default service URL unless you intentionally trust another endpoint.
Users have less external information for verifying who maintains the skill or where its code comes from.
The registry metadata does not provide an upstream source or homepage, which limits provenance review even though no suspicious install behavior is shown.
Source: unknown; Homepage: none
Prefer skills with clear provenance when handling sensitive recordings; if installing this one, review the included script and provider identity before use.