Skill v0.1.0
ClawScan security
K8s Self Hosted Whisper Api · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 12:47 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose: an instruction-only helper that posts an audio file to a self-hosted Whisper ASR service on a Kubernetes DNS name and writes the returned transcript; nothing in the package appears disproportionate or unrelated to transcription.
- Guidance
- This skill is coherent for transcribing audio to a self-hosted Whisper service, but before installing or using it you should: (1) confirm the cluster-local endpoint (http://whisper-asr.whisper-asr.svc.cluster.local:9000) is the intended and trusted service — audio data will be uploaded there without authentication; (2) ensure the agent environment can reach that DNS name (it's a Kubernetes in-cluster name and may be unreachable from outside the cluster); (3) verify python3 is available if you plan to use the --prompt flag (the script falls back but may behave differently); and (4) treat transcripts/audio as potentially sensitive and ensure they are handled per your privacy policy. If any of these are unacceptable, do not enable the skill.
Review Dimensions
- Purpose & Capability
- ok: Name, description, SKILL.md, and the included transcribe.sh all align: they send an audio file to the cluster-local Whisper ASR /asr endpoint and save the transcript. Required binary (curl) matches the script's primary network calls.
- Instruction Scope
- note: The instructions and script only read the specified audio file and write the transcript output. They POST the file to the declared cluster-local endpoint and do not reference unrelated system files or external endpoints. Two notes: (1) the SKILL.md and script state 'No authentication required' — this means sensitive audio will be sent to that service without credentials, so users should confirm they trust that service. (2) the script invokes python3 to URL-encode an initial prompt (fallback is provided), but python3 is not listed in required binaries.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and only a small shell script; nothing is downloaded or written to disk by an installer—low install risk.
- Credentials
- ok: No environment variables, credentials, or config paths are requested. The script uses a hard-coded cluster-local base URL; no extra secrets are required, which is proportionate for the stated purpose.
- Persistence & Privilege
- ok: The skill does not request always:true and does not modify other skills or system-wide configs. It is user-invocable and can be invoked autonomously (platform default), which is expected for a skill of this type.
