local-whisper

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill's code or instructions.
  • [COMMAND_EXECUTION]: The script uses Node.js spawnSync with argument arrays to execute the Whisper CLI and FFmpeg. This is a secure pattern that prevents shell command injection. Evidence: spawnSync(whisperPath, args, ...) in transcribe.js.
  • [EXTERNAL_DOWNLOADS]: The skill documents dependencies on well-known, reputable packages like openai-whisper and ffmpeg-python. These are installed via standard package managers and do not involve untrusted remote code execution.
  • [DATA_EXFILTRATION]: Audio data remains local as intended. No network operations or data exfiltration patterns were found in any script.
  • [SAFE]: Privilege escalation concerns are absent; standard system tools (sudo) are only mentioned in documentation for manual user-led setup.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 12:12 PM