Skills
skills/openclaw/skills/gemini-stt/Gen Agent Trust Hub

gemini-stt

Pass

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: LOW
Full Analysis
  • [COMMAND_EXECUTION] (INFO): The script utilizes subprocess.run to interact with the local gcloud CLI for authentication.
  • Evidence: transcribe.py executes gcloud auth print-access-token and gcloud config get-value project to facilitate Vertex AI integration.
  • Risk Assessment: Safe. Commands are called using argument lists rather than shell strings, preventing command injection.
  • [DATA_EXFILTRATION] (SAFE): Network activity is restricted to Google's official Generative AI and Vertex AI domains.
  • Evidence: transcribe.py sends requests to generativelanguage.googleapis.com and aiplatform.googleapis.com.
  • [REMOTE_CODE_EXECUTION] (SAFE): No patterns for remote script downloading or execution were found. The skill does not use eval(), exec(), or unsafe deserialization.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill has zero external dependencies and does not perform any runtime package installations.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 15, 2026, 07:27 PM