← 返回 Skills 市场
Whisper Local Api
作者
Roman Slysh
· GitHub ↗
· v1.0.0
526
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install whisper-local-api
功能描述
Secure, offline, OpenAI-compatible local Whisper ASR endpoint for OpenClaw. Features faster-whisper (large-v3-turbo), built-in privacy with no cloud telemetr...
安全使用建议
This skill appears to implement a local Whisper API but relies on cloning and running code from a remote repository and installing Python packages, which undermines the '100% offline' claim. Before installing: (1) inspect the remote repository (the default repo URL or any WHISPER_REPO_URL you set) and review its run_server.sh and requirements.txt for network calls or telemetry; (2) run the bootstrap/start steps inside a disposable VM or container; (3) be prepared that model weights may be downloaded at runtime (network access) and could be large; (4) if you need strict offline guarantees, obtain vetted offline artifacts (server code and model files) and set WHISPER_DIR to a local copy instead of cloning; (5) avoid supplying third-party WHISPER_REPO_URLs unless you trust the source.
功能分析
Type: OpenClaw Skill
Name: whisper-local-api
Version: 1.0.0
The skill is classified as suspicious due to a significant supply chain vulnerability. The `scripts/bootstrap.sh` file allows overriding the `WHISPER_REPO_URL` environment variable, which dictates the Git repository to clone and execute. If an attacker can control this variable, they could inject a malicious repository, leading to arbitrary code execution during the setup phase. Additionally, the `SKILL.md` indicates the service binds to `0.0.0.0` by default, which, while warned about, exposes the service on all network interfaces, increasing the attack surface if the host is not properly firewalled. There is a benign prompt injection instruction in `SKILL.md` ('Ask before any package-manager operations') which aims to enhance safety, not to cause harm.
能力评估
Purpose & Capability
The skill claims '100% offline & private' but the provided bootstrap script clones a remote GitHub repository (default REPO_URL) and runs code from that repo. Model weights and runtime behavior are not included in the skill bundle, so network access will be required to obtain the server code and likely model files—this contradicts the offline guarantee in the description.
Instruction Scope
Runtime instructions direct the operator to run bootstrap.sh, start.sh, healthcheck.sh, and a smoke-test. bootstrap.sh creates a venv and runs 'pip install -r requirements.txt' from the cloned repo; start.sh invokes an external run_server.sh from the cloned repo. The skill executes code that is not bundled with the skill (the remote repo) which may perform arbitrary operations (network I/O, telemetry, filesystem changes). The included scripts use curl only against localhost, but there is no assurance the remote repo will not contact external endpoints.
Install Mechanism
No registry install spec is declared, but bootstrap.sh clones a GitHub repository (https://github.com/Hantok/local-whisper-backend.git by default) and installs Python packages from its requirements.txt. GitHub is a well-known host (lower risk than arbitrary IPs or paste sites), but cloning + pip install means remote code will be fetched and executed—this is a moderate install risk and requires network access.
Credentials
The skill declares no required credentials or sensitive env vars. It does accept optional overrides (WHISPER_DIR, WHISPER_REPO_URL, WHISPER_HEALTHCHECK_URL, WHISPER_API_URL). No secrets are requested. Note: WHISPER_REPO_URL can be set to any repository, which if misused could cause arbitrary code to be installed.
Persistence & Privilege
The skill does not request always:true, does not modify other skills' configs, and does not request elevated or persistent platform privileges. start.sh launches run_server.sh as a background process under the user account; there is no automatic systemd/cron installation in the provided scripts.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install whisper-local-api - 安装完成后,直接呼叫该 Skill 的名称或使用
/whisper-local-api触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Whisper Local API 1.0.0 – Initial Release
- Launches a secure, 100% offline OpenAI-compatible Whisper ASR endpoint for OpenClaw.
- Utilizes faster-whisper with the large-v3-turbo model for high-accuracy, privacy-first speech-to-text.
- Lightweight; low RAM usage (~400-500MB) suitable for edge and VPS environments.
- Built-in local API for OpenAI Whisper-compatible `/v1/audio/transcriptions` calls, no cloud required.
- Includes simple scripts for install, startup, health checking, and smoke testing with audio files.
元数据
常见问题
Whisper Local Api 是什么?
Secure, offline, OpenAI-compatible local Whisper ASR endpoint for OpenClaw. Features faster-whisper (large-v3-turbo), built-in privacy with no cloud telemetr... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 526 次。
如何安装 Whisper Local Api?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install whisper-local-api」即可一键安装,无需额外配置。
Whisper Local Api 是免费的吗?
是的,Whisper Local Api 完全免费(开源免费),可自由下载、安装和使用。
Whisper Local Api 支持哪些平台?
Whisper Local Api 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Whisper Local Api?
由 Roman Slysh(@hantok)开发并维护,当前版本 v1.0.0。
推荐 Skills