Telegram Whisper Transcribe

What to check before installing: - Confirm TELEGRAM_BOT_TOKEN and OPENAI_API_KEY are provided; the registry metadata omits them but SKILL.md and scripts require them. Do not reuse an existing bot token used elsewhere (SKILL.md warns about single poller per bot). - Be aware audio payloads are sent to OpenAI's Whisper API — this transmits users' audio to OpenAI. If that is a privacy concern, do not install or host in a controlled environment. - The installer creates ~/transcribe-bot, a venv, and a user-level systemd service; review the files (bot.py, install.sh) and the .env handling. The .env file is written with chmod 600 but still resides on disk — consider alternative secret storage if needed. - The install script installs dependencies from PyPI without pinned versions or hashes. Prefer pinning or reviewing latest package releases before running pip. - This skill assumes a Unix-like system with Python 3 and systemd user services; it will not work as-is on Windows. - If you want higher assurance: run the bot in an isolated user account or container, or inspect/modify the code to add explicit logging controls, dependency pins, and stricter temp-file handling. Why I flagged this as suspicious: the functionality is coherent and the code is straightforward, but the registry metadata failing to declare required environment variables and runtime assumptions is an avoidable inconsistency that could cause accidental misconfiguration or concealment of required secrets. Fixing those metadata omissions or providing explicit package/version verification would raise my confidence to benign.