Is openai-whisper safe?

https://clawhub.ai/steipete/openai-whisper

Score: 95 · SAFE

The openai-whisper skill is a minimal, documentation-only CLI wrapper that instructs the agent how to use the Whisper speech-to-text tool. It contains no executable code, no prompt injection attempts, no data exfiltration vectors, and all monitoring signals are clean. The only notable action is a brew install directive for the well-known openai-whisper package.

Category Scores (score out of 100 · weight)

Prompt Injection 95/100 · 30%
Data Exfiltration 97/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 96/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (5)

LOW · Brew package installation requested (-10)

The skill metadata includes an install directive to run 'brew install openai-whisper'. While this installs a well-known, legitimate package, any package manager invocation carries an inherent risk of executing arbitrary code during installation. The openai-whisper package is a widely used, reputable open-source project maintained by OpenAI.

INFO · Minimal instruction surface (-5)

SKILL.md contains only two example commands and brief notes about model caching and model selection. The instruction surface is extremely small, reducing the opportunity for hidden prompt injection.

INFO · Model cache in home directory (-3)

Whisper downloads ML models to ~/.cache/whisper on first run. This is standard behavior for the tool and does not constitute data exfiltration, but users should be aware of network activity on first use.

INFO · Standard VM system file reads during install (-4)

Filesystem monitoring captured reads to /etc/passwd, /etc/group, PAM configs, and other system files. These are standard Linux operations during user session initialization and process spawning, not indicative of malicious activity.

INFO · Low-risk CLI wrapper pattern (-10)

This skill follows the safest possible pattern for a CLI skill: it contains no executable code, no network instructions, and only documents how to use an existing binary. The primary risk vector is the brew install step, which is a standard skill installation pattern.