Argmax Transcription and TTS
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is coherent for local speech transcription and text-to-speech; the only notes are the expected ones about installing an external CLI, downloading models, and optionally running a localhost API server.
This appears safe for its stated purpose. Before installing, make sure you are comfortable with Homebrew installing the CLI and with the first run downloading speech models. Use the optional localhost server mode only when you intentionally need an API endpoint.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill means trusting the Homebrew package and the downloaded speech models.
The skill depends on an externally installed CLI and first-run model downloads. This is central to the stated on-device speech purpose, but it is still a supply-chain dependency users should recognize.
brew install whisperkit-cli ... First run automatically downloads models as needed.
Install from the documented package source, keep the CLI updated, and verify the package/homepage if supply-chain provenance matters for your environment.
If the local server is left running, local processes may be able to use it for transcription or health checks.
The skill documents an optional local API server. It is bound to localhost and purpose-aligned, but it creates a tool endpoint while running.
whisperkit-cli serve --port 50060 ... Exposes OpenAI-compatible endpoints at `http://127.0.0.1:50060`
Run the server mode only when needed, keep it bound to localhost, and stop it after use.
