Whisper Setup Skill

Name: claude-ptt/whisper-setup
Author: aaddrick

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill executes arbitrary code with root

ThreatsCI SM CS BC S HITL

Behavior Analysis

Mismatch detected — The skill's description states it 'guides users through setting up Whisper', implying a conversational or instructional role. However, the actual content includes direct execution of system-modifying commands, including `sudo apt-get` for package installation, `git clone` for repository download, and `make` for software compilation, which goes beyond mere guidance.

Claims to do

Whisper Setup Skill: This skill guides users through setting up Whisper for the PTT plugin.

Actually does

The skill executes shell commands to check system resources (RAM, disk, CPU, GPU), install system dependencies via `sudo apt-get`, clone the `whisper.cpp` Git repository, compile the software using `make`, download Whisper models, and test the local installation. It also reads and modifies the `~/.claude/ptt-config.json` file and interacts with the `OPENAI_API_KEY` environment variable.

Threat Analysis

AI Agent Traps ↗Scanned 4/16/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learningclean

Behavioural ControlAction5 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameaaddrick/claude-ptt/whisper-setup

Registrygithub

Version4462f8f6e881

PURLpkg:github/aaddrick/claude-ptt@4462f8f6e881?skill=whisper-setup

Stars2

Source

Repository ↗SKILL.md ↗

SHA-256666c3ab6bd9f...

SHA-1d07f42b17fd0...

MD5718f976cfcdf...

TLSH46a1f9031d26...

ssdeep96:cWzcjkIwP...

Size4,999 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/aaddrick/claude-ptt

claude-marketplace

https://github.com/aaddrick/claude-ptt

Skills.shDocs

npx skills add https://github.com/aaddrick/claude-ptt

Assessments (2)

AI Agent Traps ↗

Access to sensitive environment variables detectedcriticalcredential theft

Access to sensitive environment variables detected

100% confidenceline 44

$OPENAI_API_KEY

Arbitrary Code Execution via Package Install & Compilationhighcommand execution

The skill executes commands to install system packages with root privileges (`sudo apt-get`) and clones/compiles external source code from GitHub (`git clone`, `make`). This allows for arbitrary code execution with elevated privileges, posing a significant supply chain risk if the external repository or package sources are compromised.

90% confidence

sudo apt-get update && sudo apt-get install -y build-essential cmake
git clone https://github.com/ggerganov/whisper.cpp.git
make -j$(nproc)

Handling of Sensitive API Keysmediumcredential theft

The skill prompts the user for their OpenAI API key and instructs on storing it in an environment variable or a local configuration file. While necessary for the skill's function, this involves handling sensitive credentials, which could be exploited if the agent's environment or configuration file access is compromised.

80% confidence

If not set, ask user to provide their API key
Set `whisper.openaiApiKey` to the user's key

Audio Recording Capabilitymediumdata exfiltration

The skill includes a command to record audio using `arecord` to a temporary file. While intended for testing the transcription setup, this capability could be repurposed for unauthorized audio surveillance or data collection if the agent's instructions were manipulated.

70% confidenceline 148

arecord -f S16_LE -r 16000 -c 1 -d 3 /tmp/test.wav

System Information Gatheringlowreconnaissance

The skill executes commands to gather system information such as RAM, disk space, CPU details, and GPU presence. These commands are used for legitimate resource assessment but represent reconnaissance capabilities that could be abused.

80% confidence

free -h
df -h ~
lscpu | grep -E "(Model name|CPU(s)|Thread)"
nvidia-smi

Description Mismatchhighdescription mismatch

The skill's description states it 'guides users through setting up Whisper', implying a conversational or instructional role. However, the actual content includes direct execution of system-modifying commands, including `sudo apt-get` for package installation, `git clone` for repository download, and `make` for software compilation, which goes beyond mere guidance.

85% confidence

Commands like `sudo apt-get update`, `git clone https://github.com/ggerganov/whisper.cpp.git`, and `make -j$(nproc)` are executed directly within the skill content.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/aaddrick/claude-ptt/whisper-setup.svg)](https://mondoo.com/ai-agent-security/skills/github/aaddrick/claude-ptt/whisper-setup)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/aaddrick/claude-ptt/whisper-setup"><img src="https://mondoo.com/ai-agent-security/api/badge/github/aaddrick/claude-ptt/whisper-setup.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/aaddrick/claude-ptt/whisper-setup.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow