Groq API Inference
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can consume the user's Groq API access or quota, and the key should remain protected.
The skill uses a Groq API key for authenticated provider access. This is expected for a Groq API integration and the artifacts say not to store the key in files.
Check `GROQ_API_KEY` first and use `Authorization: Bearer $GROQ_API_KEY` for every request.
Keep GROQ_API_KEY in the environment only, use a key with appropriate limits, and do not paste the key into project files or logs.
Any prompt text or audio submitted through the skill is shared with Groq for processing.
The skill clearly discloses external provider communication and limits it to Groq inference/transcription endpoints, but user prompts and audio may contain sensitive information.
Data that leaves your machine: Prompt content sent to Groq inference endpoints; Audio content sent to Groq transcription endpoint when requested
Only send content you are comfortable sharing with Groq, and avoid including secrets or sensitive personal data unless necessary.
Saved preferences may make the skill activate or behave differently in later Groq-related tasks.
The skill uses persistent memory for activation preferences and workflow defaults. The scope is disclosed and excludes keys and payload content, but it can influence future behavior.
Save only activation trigger preferences to the user's global memory (no keys, no payload content). Mirror a short summary in `~/groq-api/memory.md`.
Review or delete ~/groq-api/memory.md and any global activation preferences if you no longer want this workflow to persist.