Local speech-to-text with the Whisper CLI (no API key).
Security Analysis
high confidenceThis is an instruction-only skill that coherently wraps the local Whisper CLI: it only asks for the whisper binary (brew install) and doesn't request extra credentials or broad system access.
Name/description match the content: the SKILL.md instructs use of the 'whisper' CLI and the metadata requires the 'whisper' binary and offers a brew formula. These requirements are proportionate to a local speech-to-text skill.
Runtime instructions are limited to calling the whisper CLI on audio files and note model caching to ~/.cache/whisper. They do not ask the agent to read unrelated files, access credentials, or transmit data to unexpected endpoints.
No install script included in the package; the metadata suggests installing via Homebrew (openai-whisper). Homebrew is a standard package mechanism and appropriate for this kind of tool.
The skill declares no environment variables, no credentials, and no config paths. This matches the stated purpose (local CLI usage) and is proportionate.
The skill is not configured as always-enabled and does not request persistent system-wide changes. Agent invocation settings are default; autonomous invocation is allowed by platform default but not a notable risk here given the limited scope.
Guidance
This skill is internally consistent and lightweight: it just tells the agent how to use a local 'whisper' binary and offers a Homebrew install hint. Before installing, verify the Homebrew formula source (brew info / inspect the tap) so you know which upstream binary will be installed. Be aware that Whisper downloads model files to ~/.cache/whisper on first run (large disk usage and network download). If you will transcribe sensitive audio, confirm the binary is trusted and run it in an environment you control; otherwise there are no extra credentials or hidden exfiltration steps in this skill.
Latest Release
v1.0.0
More by @steipete
Published by @steipete on ClawHub
