Is openai-whisper safe?

https://clawhub.ai/skill/openai-whisper

Overall score: 95 (SAFE)

The openai-whisper skill is a minimal, documentation-only skill that provides CLI usage instructions for OpenAI's Whisper speech-to-text tool. It contains no executable code, no prompt injection attempts, no data exfiltration vectors, and all monitoring signals (filesystem, network, process execution, canary integrity) are clean. The only notable aspects are the standard Homebrew installation mechanism and Whisper's expected model auto-download behavior.

Category Scores (score / weight)

Prompt Injection: 95/100 · weight 30%
Data Exfiltration: 100/100 · weight 25%
Code Execution: 90/100 · weight 20%
Clone Behavior: 95/100 · weight 10%
Canary Integrity: 100/100 · weight 10%
Behavioral Reasoning: 90/100 · weight 5%

Findings (4)

[INFO] Brew formula installation (-5)

The skill metadata specifies installation via the Homebrew formula 'openai-whisper'. While Homebrew is a standard and widely trusted package manager, installing the formula still executes a package installation step that downloads and installs binaries. The formula is a well-known, official OpenAI package.

[INFO] Model auto-download on first run (-5)

The SKILL.md documents that Whisper models are downloaded to ~/.cache/whisper on first run. This is expected behavior for the whisper CLI, but it means outbound network activity will occur during first use. The models come from OpenAI's official hosting.

[LOW] Implicit filesystem access scope (-5)

The skill instructs the agent to invoke whisper on arbitrary file paths (e.g., '/path/audio.mp3'). While this is the intended use case and requires user direction, it means the agent could be directed to process audio files anywhere on the filesystem the agent can read. This is inherent to the tool's purpose rather than a malicious design.

[INFO] Expected registry HTTPS connection during install (-5)

A single HTTPS connection to 216.150.1.1:443 was observed during installation, consistent with fetching the skill package from the ClawHub registry. No unexpected or suspicious network destinations were contacted.