← Back to Skills Marketplace
Voice Transcriber Pro
by
aiwithabidi
· GitHub ↗
· v1.0.0
731
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install voice-transcriber-pro
Description
Voice note transcription and archival for OpenClaw agents. Powered by Deepgram Nova-3. Transcribes audio messages, saves both audio files and text transcript...
Usage Guidance
This skill is functionally a transcriber, but the metadata, docs, and code don't line up. Before installing: (1) Do not provide DEEPGRAM_API_KEY expecting it to be used — the scripts currently call OpenAI/openrouter endpoints instead. (2) Inspect ~/.openclaw/workspace/.env for secrets; the transcribe.sh will read that file for OPENROUTER_API_KEY if present, which could expose other keys. (3) If you want Deepgram, either modify the scripts to actually use Deepgram or prefer a skill that declares and uses the correct provider. (4) Be aware that audio files will be uploaded to external services (api.openai.com and openrouter.ai) — only do this if you are comfortable sending sensitive audio to those providers. (5) If you lack the ability to audit/modify the code, run this only in a controlled/sandboxed environment and avoid placing other credentials in ~/.openclaw/workspace/.env. Given the mismatches and undeclared env usage, treat this skill with caution or seek a corrected/reviewed release.
Capability Analysis
Type: OpenClaw Skill
Name: voice-transcriber-pro
Version: 1.0.0
The skill is classified as suspicious primarily due to a path traversal vulnerability in `scripts/save_voice_note.py`. The `shutil.copy2(audio_path, audio_dest)` call does not sanitize the `audio_path` input, allowing an attacker to write files to arbitrary locations on the filesystem by providing paths like `../../evil.ogg`. Additionally, the `transcript` argument is written directly into a markdown journal file without sanitization, creating a potential prompt injection vector if the agent later processes its own journal entries. The `scripts/transcribe.sh` script performs expected API calls to OpenAI/OpenRouter for transcription and handles API keys in a standard manner for OpenClaw skills, without clear malicious intent.
Capability Assessment
Purpose & Capability
The metadata and description advertise Deepgram Nova-3 and list DEEPGRAM_API_KEY and jq as required, but the actual scripts use OpenAI's audio transcription endpoint and openrouter.ai. The code does not use DEEPGRAM_API_KEY and does not call jq; conversely it relies on Python3 and environment variables (OPENAI_API_KEY, OPENROUTER_API_KEY) that are not declared. This mismatch is disproportionate and inconsistent with the stated purpose/provider.
Instruction Scope
SKILL.md instructs running bundled scripts which post audio files to external APIs (api.openai.com and openrouter.ai). transcribe.sh will read OPENROUTER_API_KEY from ~/.openclaw/workspace/.env if not in env — a user-local env file that may contain other secrets. save_voice_note.py writes audio and Markdown journal files under ~/.openclaw/workspace/memory, which is plausible for a journaling skill, but reading ~/.openclaw/workspace/.env and sending audio to third-party endpoints are not documented in SKILL.md and expand scope beyond the advertised Deepgram integration.
Install Mechanism
No remote install or download spec is present (instruction-only with bundled scripts). That lowers risk from arbitrary code fetches. The included scripts will be present on disk as part of the skill bundle, but no external installers or network-based install steps are invoked by the skill itself.
Credentials
The registry declares DEEPGRAM_API_KEY as the primary credential but the scripts use OPENAI_API_KEY and OPENROUTER_API_KEY (and also attempt to read ~/.openclaw/workspace/.env). Asking for a Deepgram key while not using it is misleading. Requiring or accessing other API keys and a workspace .env file is disproportionate and increases the chance of unintentionally exposing unrelated secrets.
Persistence & Privilege
The skill does not request always:true and writes only to ~/.openclaw/workspace/memory which is expected for agent memory. However, it also reads ~/.openclaw/workspace/.env (potentially containing other credentials) — this cross-file access is not declared and elevates the skill's effective privilege to access local secret material beyond its stated scope.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install voice-transcriber-pro - After installation, invoke the skill by name or use
/voice-transcriber-pro - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Audio transcription via Whisper + voice note journaling
Metadata
Frequently Asked Questions
What is Voice Transcriber Pro?
Voice note transcription and archival for OpenClaw agents. Powered by Deepgram Nova-3. Transcribes audio messages, saves both audio files and text transcript... It is an AI Agent Skill for Claude Code / OpenClaw, with 731 downloads so far.
How do I install Voice Transcriber Pro?
Run "/install voice-transcriber-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Voice Transcriber Pro free?
Yes, Voice Transcriber Pro is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Voice Transcriber Pro support?
Voice Transcriber Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Voice Transcriber Pro?
It is built and maintained by aiwithabidi (@aiwithabidi); the current version is v1.0.0.
More Skills