Is openai-whisper-api safe?

https://clawhub.ai/steipete/openai-whisper-api

Overall score: 85 · Verdict: SAFE

openai-whisper-api is a straightforward, single-purpose skill that wraps OpenAI's Whisper transcription API via a clean bash script. No prompt injection, no exfiltration to attacker-controlled servers, no install-time code execution, and all canary files remained intact. The only meaningful risks are inherent to the skill's purpose: audio data is sent to OpenAI, and the output path is user-controllable.

Category Scores (score out of 100 · weight in overall score)

Prompt Injection: 95/100 · 30%
Data Exfiltration: 78/100 · 25%
Code Execution: 75/100 · 20%
Clone Behavior: 90/100 · 10%
Canary Integrity: 100/100 · 10%
Behavioral Reasoning: 80/100 · 5%

Findings (6) (severity · title · score adjustment)

LOW · Audio data sent to external API · -5

The skill's core function sends user audio files to api.openai.com for transcription. While this is the intended behavior, users should be aware that potentially sensitive audio content leaves their machine.

LOW · API key referenced in user config file · -5

SKILL.md documents storing the OPENAI_API_KEY in ~/.clawdbot/clawdbot.json. While this is standard practice for skills needing API keys, it creates a known location for credential storage.

LOW · Arbitrary output path via --out flag · -10

The --out flag combined with mkdir -p allows writing transcription output to any path the user has write access to. An agent manipulated via prompt injection could potentially use this to write content to sensitive locations.

INFO · Bash script with proper safety settings · 0

transcribe.sh uses set -euo pipefail, validates input file existence, and checks for required OPENAI_API_KEY before proceeding. Good defensive coding practices.

INFO · Runtime reads of sensitive files are ClawHub platform behavior · -5

Filesystem monitoring shows .env, .aws/credentials, and openclaw.json being read during install. These are ClawHub runtime operations (loading config, auth profiles), not triggered by the skill code itself.

INFO · Clean SKILL.md with no manipulation attempts · 0

The SKILL.md contains only standard usage documentation, CLI examples, and configuration instructions. No hidden instructions, persona overrides, or obfuscated content detected.