AIML Voice Transcript
PassAudited by ClawScan on May 1, 2026.
Overview
This skill coherently transcribes user-provided audio through AIMLAPI, but users should be comfortable sending the audio file to that provider and using an API key.
Install this if you trust the publisher and are comfortable sending selected audio files to AIMLAPI. Use a dedicated API key, avoid processing highly sensitive recordings unless the provider's privacy terms are acceptable, and only use the optional output path where you want transcripts saved.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any audio file processed by the skill is uploaded to AIMLAPI, so private conversations or sensitive recordings could be shared with that provider.
The script sends the selected audio file bytes to AIMLAPI for transcription. This is disclosed and purpose-aligned, but audio may contain sensitive speech.
DEFAULT_BASE_URL = "https://api.aimlapi.com/v1" ... body = header_body + file_path.read_bytes() + footer_body ... request(create_url, api_key, method="POST", data=body
Use this only for audio you are comfortable sending to AIMLAPI, and check that provider's retention and privacy terms if the recordings are sensitive.
The configured API key may authorize usage on the user's AIMLAPI account, including possible billing or quota consumption.
The script uses the AIMLAPI API key as a bearer token for provider requests. This is expected for the service integration, but it is still credential-bearing access.
api_key = os.getenv("AIMLAPI_API_KEY") ... "Authorization": f"Bearer {api_key}"Use a dedicated, revocable AIMLAPI key with the minimum needed access, and avoid placing the key in shared logs or transcripts.
It is harder to independently verify who maintains the skill or where updates should come from.
The package provenance is not well identified, even though the runnable script is included and no install-time dependency chain is declared.
Source: unknown; Homepage: none
Review the included script and publisher trust before installing, especially before providing an API key.