Transcribe audio files using OpenAI's gpt-4o-mini-transcribe model with vocabulary hints and text replacements. Requires uv (https://docs.astral.sh/uv/).
Security Analysis
high confidenceThe skill's description matches its stated goal (audio -> transcript) but the runtime instructions contradict the declared metadata (they require an OpenAI API key and a runnable 'transcribe' tool at a hardcoded user path that are not declared or included), so the bundle is incoherent and needs clarification before use.
The skill name/description (voice transcription via OpenAI) is reasonable, but the SKILL.md asks the user to put OPENAI_API_KEY in a hardcoded path (/Users/darin/.../.env) and to run 'uv run /Users/darin/clawd/skills/voice-transcribe/transcribe'. The package metadata declares no required env vars and includes no executable named 'transcribe'. That mismatch (hardcoded user path + undeclared credential + missing executable) is inconsistent with the stated purpose and deployment model.
The instructions tell humans/agents to run a 'transcribe' command at an absolute path and to store an OpenAI API key in a specific file — actions outside the skill bundle. They also mention caching and post-processing replacements. Because there is no included code or executable, the instructions are ambiguous and assume local artifacts and secrets that the skill metadata does not disclose.
There is no install spec (instruction-only), which is lower risk in itself. However, absence of an install plus references to running an external 'transcribe' binary means the runtime will rely on external tooling (uv and an executable/script) that are not provided; verify where that code comes from before running.
Metadata claims no required env vars or primary credential, but SKILL.md explicitly instructs placing OPENAI_API_KEY into a local .env file. That is a direct mismatch: the skill needs an API key to function but does not declare it. Also the instructions encourage storing the key in a hardcoded, user-specific path, which is a poor and potentially unsafe practice.
The skill does not request always:true and does not declare persistent system-wide modifications. Autonomous invocation is allowed by default (normal). There is no evidence the skill attempts to change other skills or system settings.
Guidance
Do not install or run this skill until the author clarifies and fixes these issues: (1) The SKILL.md requires an OPENAI_API_KEY but the metadata lists none—ask the author to declare required env vars (and prefer platform secret storage rather than a hardcoded .env file). (2) The instructions require running a 'transcribe' executable at /Users/darin/... but no executable or install steps are provided—ask where that binary comes from and request an install spec or included code. (3) Confirm the role of 'uv' (astral.sh) and ensure you trust that runtime. (4) Avoid placing API keys in arbitrary files; if you test, use a throwaway key and inspect the actual code that will run. If the author cannot supply the missing files or a credible install source (e.g., a GitHub release or vetted package), treat this skill as unreliable and do not give it secrets or run it with sensitive audio.
Latest Release
v1.0.1
Added uv requirement to description
Popular Skills
Published by @darinkishore on ClawHub
