mlx-whisper
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill appears aligned with local speech-to-text use, with a small dependency/provenance note around the external MLX Whisper CLI and Hugging Face model cache.
This skill looks safe for its stated purpose. Before installing or using it, make sure the mlx_whisper command and the selected Hugging Face model come from sources you trust, and expect model files to be cached locally.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not work unless the local CLI and model dependencies are already installed, and the model files may be downloaded or reused from the local Hugging Face cache.
The skill depends on an external local CLI and a named Hugging Face model/cache, but the registry metadata declares no required binary or install spec. This is purpose-aligned, but users should verify the tool/model source before use.
`mlx_whisper /path/to/audio.mp3 --model mlx-community/whisper-large-v3-turbo` ... Models cache to `~/.cache/huggingface/`
Install mlx_whisper only from a trusted source, confirm the intended model, and review local cache behavior if disk usage or model provenance matters.
