Groq Voice Transcribe
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears purpose-aligned: it sends selected audio to Groq for transcription, but users should notice the cloud upload and Groq API key handling.
Install if you are comfortable with chosen audio files being uploaded to Groq. Configure a dedicated Groq API key securely, monitor usage or billing, and choose transcript output paths carefully so you do not overwrite important files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Voice recordings may contain private conversations or sensitive information and will be processed by Groq.
The helper uploads the selected audio file to Groq's transcription API and saves the response locally. This is expected for a cloud transcription skill and is also disclosed in SKILL.md, but it means audio leaves the local environment.
curl -sS https://api.groq.com/openai/v1/audio/transcriptions ... -F "file=@${in}" ... >"$out"Use this only for audio you are comfortable sending to Groq, and review Groq's privacy, retention, and billing terms for your account.
A Groq API key can authorize API usage and may affect your account quota or billing if misused.
The skill requires a provider API key and suggests assistant-assisted storage in OpenClaw configuration. This is purpose-aligned, but credential handling is sensitive and the registry metadata does not declare a primary credential or required env var.
You need a **Groq API key**... The assistant can place the key into `~/.openclaw/openclaw.json` for you.
Use a dedicated, revocable Groq key, store it securely, avoid pasting it into unrelated chats, and revoke or rotate it if it may have been exposed.