Skill v1.0.2

ClawScan security

Local Whisper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 27, 2026, 3:44 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and instructions are largely consistent with its stated purpose (setting up local whisper.cpp speech-to-text for OpenClaw). It requests no secrets or unusual credentials, and it downloads and builds code from known project hosts. Two points warrant attention: the scripts modify the OpenClaw config and restart the gateway, and there is a minor mismatch between the model sizes the documentation claims to support and the model list the runtime wrapper actually enforces.
Guidance
This skill appears to do what it says: build whisper.cpp locally, download ggml models from Hugging Face, install a wrapper into ~/.local, and configure OpenClaw to call that wrapper for inbound audio. Before installing: (1) ensure you have build tools, ffmpeg, and enough disk space (models can be large); (2) review and back up your OpenClaw config, because the scripts will patch it and restart the gateway; (3) note that the wrapper currently accepts only the 'base' and 'small' models even though the documentation mentions larger ones; if you plan to use medium or large, inspect and adjust bin/openclaw-whisper-stt.sh first; (4) verify that you trust the upstream GitHub and Hugging Face sources; (5) run the install commands interactively (not as root) and read what they do before running them if you have security concerns. Overall the skill is coherent and proportional to its purpose.
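The guidance above amounts to a short pre-install procedure: confirm the model you intend to use is one the wrapper will accept, verify what you downloaded from Hugging Face, and back up the OpenClaw config before the patch script rewrites it. The script below is an added example written for this review; it is not part of the Local Whisper skill, OpenClaw, or ClawHub. The file name preinstall_check.sh, the EXPECTED_MODEL_SHA256 and OPENCLAW_CONFIG variables, and the ggml-<model>.bin filename pattern are assumptions for illustration; the base/small allowlist, the ~/.cache/whisper model directory and the OPENCLAW_WHISPER_MODEL variable come from the scan findings.

```shell
#!/usr/bin/env sh
# Added example, not code from the Local Whisper skill or OpenClaw.
# Pre-install checks to run before letting the skill's scripts patch the
# gateway config. File names and env vars marked "assumed" are placeholders.

# The scan notes that bin/openclaw-whisper-stt.sh only accepts 'base' or
# 'small'. Mirror that allowlist so a misconfigured OPENCLAW_WHISPER_MODEL
# fails here rather than on the first inbound audio message.
model_allowed() {
    case "$1" in
        base|small) return 0 ;;
        *) return 1 ;;
    esac
}

# SHA-256 of a file, portable across GNU coreutils and BSD/macOS shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compare a downloaded ggml model against a hash you pinned yourself after
# inspecting the Hugging Face file page. The hash is a parameter on purpose:
# this review publishes no hashes, so none is hard-coded here.
verify_model_checksum() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "missing model file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Copy the OpenClaw config aside before the skill's patch script rewrites
# tools.media.audio; prints the backup path so the change can be reverted.
backup_config() {
    cfg=$1
    [ -f "$cfg" ] || { echo "config not found: $cfg" >&2; return 1; }
    bak="${cfg}.bak.$(date +%Y%m%dT%H%M%S)"
    cp -p "$cfg" "$bak" && printf '%s\n' "$bak"
}

# Stand-alone run. OPENCLAW_CONFIG, EXPECTED_MODEL_SHA256 and the
# ggml-<model>.bin filename pattern are assumed for illustration.
main() {
    model=${OPENCLAW_WHISPER_MODEL:-base}
    if model_allowed "$model"; then
        echo "model '$model' is in the wrapper's allowlist"
    else
        echo "model '$model' is NOT in the wrapper's allowlist (base|small);" \
             "edit bin/openclaw-whisper-stt.sh before relying on it" >&2
    fi
    model_file="$HOME/.cache/whisper/ggml-${model}.bin"   # assumed filename pattern
    if [ -n "${EXPECTED_MODEL_SHA256:-}" ]; then
        verify_model_checksum "$model_file" "$EXPECTED_MODEL_SHA256"
    fi
    if [ -n "${OPENCLAW_CONFIG:-}" ]; then
        backup_config "$OPENCLAW_CONFIG"
    fi
}

if [ "${0##*/}" = "preinstall_check.sh" ]; then
    main "$@"
fi
```

Run it as `OPENCLAW_WHISPER_MODEL=medium sh preinstall_check.sh` to see the allowlist mismatch the scan describes, or set EXPECTED_MODEL_SHA256 to a hash you recorded from the Hugging Face file page to catch a corrupted or substituted model before the gateway ever calls the wrapper. The backup path it prints is what you restore if the patched tools.media.audio setting needs to be reverted.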

Review Dimensions

Purpose & Capability
note: The name and description (local whisper.cpp STT for OpenClaw) align with the scripts: they build whisper.cpp from the upstream GitHub repo, download ggml model binaries from Hugging Face, install a wrapper into ~/.local/bin, and patch OpenClaw to call the wrapper for inbound audio. One inconsistency: SKILL.md and download_models.sh advertise many model sizes (tiny/base/small/medium/large-*), but the runtime wrapper (bin/openclaw-whisper-stt.sh) restricts MODEL_NAME to 'base' or 'small'. This is a capability mismatch between documentation and runtime.
Instruction Scope
ok: The SKILL.md installation steps are explicit and limited to building whisper.cpp, downloading models into ~/.cache/whisper, installing the wrapper into ~/.local/bin, patching OpenClaw's tools.media.audio config, and restarting the gateway. The scripts operate on user-home directories (~/.local, ~/.cache) and do not attempt to read unrelated system files or export secrets. The patch script restarts the gateway, which is impactful; it is within the skill's stated goal, but it is a behavior the user should expect and plan for.
Install Mechanism
ok: There is no packaged install spec; the provided scripts clone the known upstream repo (https://github.com/ggerganov/whisper.cpp) and download model binaries from Hugging Face (huggingface.co/ggerganov/whisper.cpp). Both are well-known sources. The build compiles locally with cmake and installs artifacts under the user's home directory, which is expected for a local build; the main risks are the usual exposure to whatever the upstream repo contains at build time and the disk usage of large models.
Credentials
ok: The skill requests no credentials or secret environment variables. At runtime it uses ordinary environment variables (HOME, and optionally OPENCLAW_WHISPER_MODEL and OPENCLAW_WHISPER_LANG) and checks for required tools (git, cmake, ffmpeg, curl). No unrelated service tokens or privileged system credentials are requested.
Persistence & Privilege
note: The skill installs a wrapper symlink into ~/.local/bin, places libraries in ~/.local/lib, stores models in ~/.cache/whisper, and patches the OpenClaw configuration and restarts the gateway to enable local STT. It does not set always:true, but it does modify OpenClaw's config persistently; users should be aware that this changes gateway behavior until the change is reverted.