volc-audio-transcription

No explicit signs of covert malware or backdoor functionality were found. The code's primary security concern is operational: it intentionally exposes local files by serving a directory and publishing it via ngrok, which can lead to accidental data leakage if run from a directory containing sensitive files. API keys are transmitted to an expected third-party endpoint (over HTTPS). Follow operational hygiene (use dedicated directory, limit exposure, validate responses) before using this script.