📦 Cloudflare Whisper Worker
v1.0.0使用已部署的 Cloudflare Worker Whisper 端点转录音频。用于将语音/音频文件(wav、mp3、m4a、ogg、webm)转换为文本时……
0· 315·0 当前·0 累计
by @lotfinity下载技能包
最后更新
2026/4/18
安全扫描
OpenClaw
可疑
medium confidence该技能功能如其所述(将音频发送到 Cloudflare Worker 进行转录),但元数据中缺少必需的环境变量和二进制文件,且会将音频发送至第三方端点,存在隐私/一致性风险。
评估建议
This skill will upload whatever audio you point it at to the specific worker URL (https://lotfi-whisper-worker.medtouradmin.workers.dev) using a Bearer token. Before installing or using it: 1) Verify and trust the owner/operator of that workers.dev host — do not send sensitive or regulated audio to an unknown third party. 2) Ask the publisher to update metadata to declare WHISPER_WORKER_TOKEN and the required binaries (curl, jq) so you can evaluate requirements upfront. 3) Use a dedicated, scope...详细分析 ▾
ℹ 用途与能力
The name/description match the included script and instructions: they POST raw audio to a Whisper Worker /transcribe route with a Bearer token. However the registry metadata does not declare the required WHISPER_WORKER_TOKEN nor does it list required binaries (the script uses curl and jq), which is an inconsistency between claimed requirements and actual runtime needs.
ℹ 指令范围
SKILL.md and the script are narrowly scoped to uploading an audio file to the given endpoint and extracting text. They do not attempt to read unrelated files or system credentials. Important runtime behavior: audio bytes (potentially sensitive) and the Authorization token are transmitted to the specified workers.dev host; this is expected for the stated purpose but is an important privacy implication.
✓ 安装机制
No install spec and only an included shell script — nothing is downloaded or written during install. Low install risk.
⚠ 凭证需求
The skill requires a bearer token (WHISPER_WORKER_TOKEN) to call the endpoint, but the metadata did not declare any required environment variables. The script also depends on curl and jq which are not declared. Requiring a token to use a third‑party transcription endpoint is proportionate to the purpose, but the missing metadata and the fact that audio and tokens are sent to an externally hosted endpoint raise privacy and trust concerns.
✓ 持久化与权限
The skill does not request persistent presence (always is false) and does not modify other skills or system-wide configuration.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/5
初始版本:支持 Bearer 认证的 Cloudflare Whisper worker 转录技能及辅助脚本。
● 可疑
安装命令
点击复制官方npx clawhub@latest install cloudflare-whisper-worker
镜像加速npx clawhub@latest install cloudflare-whisper-worker --registry https://cn.longxiaskill.com
技能文档
使用此技能通过已部署的 Whisper Worker API 转录音频。
端点
- Base URL:
https://lotfi-whisper-worker.medtouradmin.workers.dev - Route:
POST /transcribe - Auth:
Authorization: Bearer - Body: 原始音频字节 (
--data-binary @file)
必需环境变量
在 shell 中一次性设置 token: ``bash
export WHISPER_WORKER_TOKEN=""
` 转录文件(JSON 响应)
`bash
curl -sS -X POST "https://lotfi-whisper-worker.medtouradmin.workers.dev/transcribe" \
-H "content-type: audio/wav" \
-H "authorization: Bearer $WHISPER_WORKER_TOKEN" \
--data-binary "@audio.wav"
` 转录并仅返回文本
`bash
curl -sS -X POST "https://lotfi-whisper-worker.medtouradmin.workers.dev/transcribe" \
-H "content-type: audio/wav" \
-H "authorization: Bearer $WHISPER_WORKER_TOKEN" \
--data-binary "@audio.wav" \
| jq -r '.result.text // .text // .result.response // empty'
` Content-Type 对照
WAV:audio/wavMP3:audio/mpegM4A:audio/mp4OGG/OPUS:audio/oggWEBM:audio/webm
常见错误
401 Unauthorized: 缺失/无效 bearer token400 Empty audio body: 文件路径错误或文件为空400 Send raw audio...: content-type 头无效500`: worker/运行时/模型错误;重试并查看完整 JSON