Free Groq Voice Recognition
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a purpose-aligned Groq transcription helper, but users should know that selected audio is uploaded to Groq, may be routed through a proxy, and requires protecting a Groq API key.
This skill is reasonable to use if you are comfortable sending chosen audio files to Groq for transcription. Protect the Groq API key, avoid placing it in shared files, use a trusted proxy only when necessary, and avoid uploading highly sensitive recordings unless Groq's retention and privacy terms meet your needs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the API key is shared, committed, or exposed through agent context, someone else could use the user's Groq account quota.
The skill requires a Groq API key, which is expected for this service, but the key is a credential and the registry metadata does not declare a primary credential or required env var.
Create a new API key ... Add to your TOOLS.md ... - API Key: gsk_your_key_here
Store the key in a secret manager or environment variable rather than plain text where possible, rotate it if exposed, and the skill should declare GROQ_API_KEY as a credential.
Private voice notes or meeting recordings leave the local machine for transcription, and the proxy/provider path affects privacy and availability.
The script uploads the selected audio file to Groq and routes the request through the configured/default proxy. This is central to transcription, but it means sensitive recordings and a bearer token are involved in external communication.
curl -s --proxy "$PROXY" "https://api.groq.com/openai/v1/audio/transcriptions" ... -H "Authorization: Bearer $GROQ_API_KEY" ... -F "file=@$AUDIO_FILE"
Only transcribe files you intend to upload, review Groq's data-retention terms, and use a trusted proxy only when needed.
Users might overestimate the privacy guarantees and send more sensitive recordings than intended.
The privacy language is broad: audio is explicitly processed by Groq's external API, so users should not read this as purely local processing or rely on retention claims without checking Groq's policy.
Audio processed by Groq's API (not stored permanently) ... No data sent to third parties
Clarify that Groq is an external processor and link to the provider's current privacy and retention terms.
Installation or use may fail unexpectedly, and users may not see credential/network requirements before reading the skill text.
The packaged artifacts include transcribe.sh, which uses Bash, curl, jq, GROQ_API_KEY, and a proxy setting, so setup requirements are not fully reflected in metadata.
No install spec — this is an instruction-only skill; Required binaries ... none; Env var declarations: none; Primary credential: none
Declare the script dependencies, GROQ_API_KEY credential, and proxy/network behavior in metadata.