K8s Self Hosted Whisper Api

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly does what it claims, but its prompt handling can let prompt text execute local Python code when the transcription script is run.

Review before installing. The transcription workflow is otherwise purpose-aligned, but do not use the --prompt option with untrusted text until the unsafe Python interpolation is fixed. Also confirm that the Kubernetes Whisper endpoint is trusted, because selected audio files will be uploaded there over unauthenticated HTTP.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent passes untrusted text into --prompt, that text could execute commands on the machine running the skill.

Why it was flagged

The user-controlled --prompt value is inserted directly into Python source code passed to python3 -c. A prompt containing quotes and Python syntax could break out of the string and run local Python commands with the script's permissions.

Skill content

[[ -n "$PROMPT" ]]          && QUERY="${QUERY}&initial_prompt=$(python3 -c "import urllib.parse; print(urllib.parse.quote('${PROMPT}'))" 2>/dev/null || echo "${PROMPT}")"

Recommendation

Fix prompt encoding by passing the prompt as an argument or environment variable to Python, for example: python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1]))' "$PROMPT". Avoid using --prompt with untrusted text until this is fixed.

What this means

Audio files selected for transcription are sent to the configured in-cluster Whisper service, where they may be processed or visible according to that service's controls.

Why it was flagged

The skill sends audio to a hard-coded HTTP service without authentication. This is disclosed and matches the transcription purpose, but the audio may contain private information and relies on the Kubernetes network boundary for protection.

Skill content

Transcribe an audio file via the Whisper ASR webservice at `http://whisper-asr.whisper-asr.svc.cluster.local:9000` ... `No authentication required`

Recommendation

Use this only with a trusted Whisper deployment and network. Consider adding TLS/authentication or documenting the trust boundary and retention behavior of the ASR service.