Low Risk — Risk Score 25/100
Last scan: 1 day ago
turbo-whisper-local-stt
Local high-performance audio-to-text tool using the Faster-Whisper large-v3-ct2 model
A legitimate audio transcription skill with documented ML tool behavior (venv setup, pip install, model downloads). Minor supply chain and documentation gaps exist but no malicious behavior detected.
Skill Name: turbo-whisper-local-stt
Duration: 44.9s
Engine: pi
Safe to install
Consider pinning dependency versions in ensure_package.py for reproducible builds. Add explicit declaration of subprocess usage for venv/pip operations in SKILL.md.

Findings 4 items

Severity Finding Location
Medium: Unpinned Python dependencies (Supply Chain)
ensure_package.py and env_manager.py install packages (torch, faster_whisper, librosa) without version constraints, risking supply chain attacks from dependency confusion or compromised packages.
subprocess.check_call([sys.executable, '-m', 'pip', 'install', '--upgrade', pip_pkg, ...])
→ Constrain versions (e.g. 'torch>=2.0.0'), or use a requirements.txt with exact pins and hashes
scripts/ensure_package.py:31
Medium: Undeclared subprocess execution (Doc Mismatch)
SKILL.md declares 'bins: python' but doesn't mention subprocess usage for venv creation, pip installation, or GPU detection via nvidia-smi. These operations run shell commands with elevated implications.
subprocess.check_call([str(venv_python), '-m', 'pip', 'install', '--upgrade', 'pip'])
→ Document shell:WRITE permission requirement and list all subprocess operations
scripts/env_manager.py:85
Low: Third-party model repository (Supply Chain)
Models downloaded from user-controlled HuggingFace repository (wangminrui2022/) rather than official Faster-Whisper org. While legitimate, these are unaudited weights.
"wangminrui2022/faster-whisper-large-v3-ct2"
→ Consider verifying model checksums or using official repositories
scripts/transcribe.py:34
Low: Unrestricted pip index-url (Priv Escalation)
PyTorch downloaded from https://download.pytorch.org/whl/{wheel} which is legitimate but uses direct network fetch without integrity verification.
index_url = f"https://download.pytorch.org/whl/{wheel}"
→ Consider pinning torch version with hash verification
scripts/env_manager.py:109

| Resource | Declared | Inferred | Status | Evidence |
| --- | --- | --- | --- | --- |
| Filesystem | READ,WRITE | WRITE | ✓ Aligned | SKILL.md declares audio/text file I/O; transcribe.py creates dirs/writes output |
| Network | READ | READ | ✓ Aligned | Downloads models from HuggingFace Hub (snapshot_download) |
| Shell | NONE | WRITE | ✓ Aligned | env_manager.py uses subprocess for pip install, nvidia-smi detection |
| Environment | NONE | READ | ✓ Aligned | env_manager.py reads/writes RUNNING_IN_VENV env var |

7 findings

| Severity | Finding | URL | Location |
| --- | --- | --- | --- |
| Medium | External URL | https://huggingface.co/wangminrui2022/faster-whisper-base-ct2 | README.md:23 |
| Medium | External URL | https://huggingface.co/wangminrui2022/faster-whisper-large-v3-ct2 | README.md:24 |
| Medium | External URL | https://huggingface.co/deepdml/faster-whisper-large-v3-turbo-ct2 | README.md:25 |
| Medium | External URL | https://pypi.tuna.tsinghua.edu.cn/simple | scripts/ensure_package.py:50 |
| Medium | External URL | https://download.pytorch.org/whl/cpu | scripts/env_manager.py:148 |
| Medium | External URL | https://download.pytorch.org/whl/ | scripts/env_manager.py:161 |
| Medium | External URL | https://huggingface.co/ | scripts/transcribe.py:76 |

File Tree

8 files · 38.0 KB · 855 lines
Python 5f · 682L Markdown 2f · 133L Ignore 1f · 40L
├─ 📁 scripts
│ ├─ 🐍 config.py Python 52L · 2.1 KB
│ ├─ 🐍 ensure_package.py Python 73L · 2.8 KB
│ ├─ 🐍 env_manager.py Python 235L · 10.3 KB
│ ├─ 🐍 logger_manager.py Python 55L · 2.6 KB
│ └─ 🐍 transcribe.py Python 267L · 12.0 KB
├─ 📄 .gitignore Ignore 40L · 359 B
├─ 📝 README.md Markdown 99L · 5.9 KB
└─ 📝 SKILL.md Markdown 34L · 1.9 KB

Dependencies 4 items

| Package | Version | Source | Known Vulns | Notes |
| --- | --- | --- | --- | --- |
| torch | * | PyPI/direct | No | Version not pinned, fetched from pytorch.org |
| faster_whisper | * | pip | No | No version constraint specified |
| librosa | * | pip | No | Version not pinned |
| huggingface_hub | * | pip | No | Version not pinned |

Security Positives

✓ No credential harvesting - skill doesn't access SSH, AWS, or API keys
✓ No base64/encoded payloads or obfuscated code execution
✓ No data exfiltration - transcription output stays local
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)
✓ Legitimate ML transcription functionality clearly matches stated purpose
✓ Uses virtualenv isolation to contain dependencies
✓ No reverse shells, C2 communication, or suspicious network targets