AssemblyAI advanced speech transcription

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

This looks like a normal AssemblyAI integration. Before installing, make sure you are comfortable sending the selected audio/video and transcript text to AssemblyAI, use an appropriate API key, avoid untrusted base URL overrides, and review any raw request JSON before letting an agent run it. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use your AssemblyAI account quota and access transcript jobs available to that API key.

Why it was flagged

The CLI uses an AssemblyAI API key from an environment variable or flag to authenticate provider requests, which is expected for this service integration.

Skill content

const apiKey = String(flags['api-key'] ?? process.env.ASSEMBLYAI_API_KEY ?? '');

Recommendation

Use a scoped AssemblyAI key where possible, keep it in the environment rather than prompts, and revoke or rotate it if exposed.

What this means

Private meeting or media content may leave the local machine and be processed by AssemblyAI services.

Why it was flagged

Transcript text may be sent to AssemblyAI's LLM Gateway for summaries or structured extraction, which is disclosed and aligned with the skill purpose.

Skill content

This skill therefore prepares transcript text and sends it to:
- `https://llm-gateway.assemblyai.com/v1/chat/completions`

Recommendation

Only process audio, video, and transcripts you are allowed to send to AssemblyAI, and review prompts, schemas, and output files for sensitive information.

What this means

If used carelessly, an agent or user could send broader-than-intended request bodies or parameters to the provider.

Why it was flagged

Raw provider request passthroughs are explicitly documented and useful for advanced AssemblyAI parameters, but they bypass the safer predefined workflows.

Skill content

This skill deliberately exposes raw passthrough options:
- `--config` for transcription requests
- `--understanding-request` for speech understanding
- `--request` for LLM Gateway chat completions

Recommendation

Prefer the documented default commands unless you need a specific AssemblyAI parameter, and review any raw JSON request before sending it.

What this means

Users have less provenance information for deciding whether the bundled Node script is the intended implementation.

Why it was flagged

The registry metadata does not identify a source repository or homepage, although the skill includes bundled code and references AssemblyAI documentation in SKILL.md.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only from a trusted registry entry and review the bundled script before using it with sensitive media or production credentials.