Instagram Reels
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill does what it claims, but it uses command-line download tools, sends audio to Groq for transcription, and optionally uses Instagram cookies for private reels.
This skill appears coherent and benign for downloading and transcribing reels. Before using it, make sure you trust the installed command-line tools, protect your Groq API key, avoid exporting Instagram cookies unless necessary, and remember that the audio you transcribe is sent to Groq.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the examples downloads media-derived data and creates or overwrites files in /tmp.
The skill relies on local command-line tools and network downloads to process user-provided media URLs. This is central to the stated purpose, but users should understand the commands will fetch remote media and write local temporary files.
yt-dlp --write-info-json --skip-download -o "/tmp/reel" "REEL_URL" ... curl -sL "$AUDIO_URL" -o /tmp/reel-audio.m4a ... ffmpeg -y -i /tmp/reel-audio.m4a
Run the commands only for URLs you intend to process, review the shell commands before use, and clean up temporary files afterward.
A leaked Groq key could be abused for API usage, and exported Instagram cookies could allow session access if mishandled.
The Groq API key is required for the transcription API, and Instagram cookies are optionally suggested for private reels. Both uses are purpose-aligned, but cookies and API keys are sensitive credentials.
-H "Authorization: Bearer $GROQ_API_KEY" ... For private reels, pass cookies: `yt-dlp --cookies /path/to/cookies.txt ...`
Keep the Groq key and any cookies file private, avoid sharing command logs that include secrets, use cookies only when necessary, and delete exported cookies after use.
The safety of the workflow partly depends on the versions and sources of the installed tools.
The setup instructions require external packages that are not pinned in the skill artifact. This is a normal setup pattern for this type of media-processing skill, but the installed tools come from external package ecosystems.
pip install yt-dlp apt install ffmpeg # or: brew install ffmpeg
Install dependencies from trusted package managers or official sources, and keep yt-dlp and ffmpeg updated.
Any audio from the reel, including private or sensitive content, is sent to Groq for processing.
The transcription step uploads the extracted audio file to Groq's API. This is disclosed and necessary for the advertised transcription feature, but it means audio content leaves the local machine.
curl -s https://api.groq.com/openai/v1/audio/transcriptions ... -F "file=@/tmp/reel-audio.mp3"
Only transcribe content you are comfortable sending to Groq, especially when using private reels or videos containing sensitive speech.