Voice Notes Pro

What to check before installing: - Expect to provide an OPENAI_API_KEY (the code throws if it's missing); the registry metadata currently omits that — ask the publisher to declare required env vars. - The skill writes files to disk. Confirm which directories it will use (SKILL.md shows ~/notes but code defaults to /root/notes). Adjust configuration to point to a safe, writable directory you control and verify file permissions. - SKILL.md tells you to run npm install in the skill folder; package.json depends on the public 'openai' package (common) but package.json's 'main' is 'skill.js' while included file is voice-notes-pro.js — this mismatch may prevent the skill from running; ask the author to fix packaging before installing. - SKILL.md includes a hard-coded phoneNumber in its example config — remove or replace with your own and confirm the skill only connects to your WhatsApp gateway. - Review the code (transcribeAudio and handlers) yourself or have a trusted developer review it: it reads audio files and sends them to OpenAI for transcription (expected), and only writes local Markdown files. There is no obvious network exfiltration beyond OpenAI API calls, but ensure you trust the OpenAI API key you provide. - If you need higher assurance: request the publisher to update registry metadata to list required env vars/config paths, fix package.json main/version mismatches, and provide a signed release or a vetted install instruction so you can audit the exact code that will be installed. Confidence note: medium — the code appears to implement the advertised functionality, but multiple metadata/instruction mismatches (undeclared OPENAI_API_KEY requirement, path inconsistencies, package.json main mismatch, example phone number) create ambiguity that prevents a clean 'benign' verdict. Additional metadata fixes or reproducible build instructions would raise confidence.