Is carlulsoe/parakeet-stt safe?

https://github.com/openclaw/skills/tree/main/skills/carlulsoe/parakeet-stt

98
SAFE

This is a documentation-only skill that provides instructions for setting up NVIDIA Parakeet TDT speech-to-text service locally. The skill itself contains no executable code and exhibits no malicious behavior, only referencing an external repository for the actual implementation.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW External Repository Dependency -10

The skill instructs users to clone and execute code from an external GitHub repository (groxaxo/parakeet-tdt-0.6b-v3-fastapi-openai). While this is transparently documented and expected for this type of integration, it does introduce dependency on external code that could potentially be compromised.

INFO Legitimate External Dependency -5

The skill serves as documentation for setting up a local speech-to-text service and relies on an external implementation repository. This is normal behavior for integration skills but creates a dependency chain.