Local Whisper (cpp)

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the remote model changes or is tampered with, transcription quality or behavior could change; writing to /usr/share may also require administrator-level access.

Why it was flagged

The setup downloads a required model from a mutable remote URL into a system directory without a checksum or pinned artifact version. This is purpose-aligned for local transcription, but users should notice the provenance and privilege implications.

Skill content

wget https://huggingface.co/ggerganov/whisper.cpp/resolve/main/ggml-large-v3-turbo.bin?download=true -O /usr/share/whisper.cpp-model-large-v3-turbo/ggml-large-v3-turbo.bin

Recommendation

Use a trusted packaged model or verify the downloaded file with a published checksum, and only write to system directories when you understand the required permissions.