asr-transcribe-to-text

SUSPICIOUS. The skill’s behavior mostly matches its stated ASR purpose, and there is no installer abuse or credential theft pattern. The main risk is privacy and endpoint trust: it uploads recordings to an arbitrary configurable HTTP ASR service, with optional remote diagnostics, so sensitive user media can leave the machine without strong assurances about transport security or server ownership.