speak-security-basics
'Security best practices for Speak API keys, audio data privacy, student
Allowed Tools
Read, Write, Edit, Bash(npm:*), Bash(curl:*), Grep
Provided by Plugin
speak-pack
Claude Code skill pack for Speak AI Language Learning Platform (24 skills)
Installation
This skill is included in the speak-pack plugin:
/plugin install speak-pack@claude-code-plugins-plus
Instructions
Speak Security Basics
Overview
Security best practices for Speak API keys, audio data privacy, student data protection, and COPPA/FERPA compliance.
Prerequisites
- Completed speak-install-auth setup
- Valid API credentials configured
- ffmpeg installed for audio processing
Instructions
API Key Security
```bash
# Never commit API keys
echo '.env' >> .gitignore
echo '.env.local' >> .gitignore

# Use secrets manager in production
export SPEAK_API_KEY="$(aws secretsmanager get-secret-value --secret-id speak/api-key --query SecretString --output text)"
```
Audio Data Privacy
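```typescript
import * as fs from "node:fs";

// Speak processes audio on their servers; do NOT store student audio locally
// unless required by your application.
// The SpeakClient shape is assumed from the call made below.
interface SpeakClient {
  assessPronunciation(req: { audioPath: string; targetText: string; language: string }): Promise<unknown>;
}

class PrivacyAwareClient {
  constructor(private client: SpeakClient) {}

  async assessAndClean(audioPath: string, targetText: string, language: string) {
    try {
      const result = await this.client.assessPronunciation({
        audioPath, targetText, language,
      });
      return result;
    } finally {
      // Delete the local audio file after assessment, even when the call throws.
      // force: true keeps a missing file from masking the original error.
      fs.rmSync(audioPath, { force: true });
    }
  }
}
```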
Student Data Protection
- Never log student audio recordings
- Redact student names from API logs
- Store assessment scores, not raw audio
- Implement data retention policies (delete after N days)
- COPPA compliance for students under 13: parental consent required
- FERPA compliance for educational institutions: student data agreements
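The logging rules above, as an added example (not part of the speak-pack skill or any Speak SDK): a sanitizer applied to a record before it reaches the log, which drops names and audio references, masks credentials, and swaps the student ID for a keyed pseudonym so audit entries still correlate. The field names, the `pepper` parameter and the sample record are assumptions made for illustration.

```typescript
import { createHmac } from "node:crypto";

// Field names are assumptions for this example, not Speak's schema.
const DROP_KEYS = new Set(["studentname", "name", "email", "audio", "audiopath", "audiobase64"]);
const SECRET_KEYS = new Set(["apikey", "authorization", "speak_api_key"]);
const PSEUDONYM_KEYS = new Set(["studentid"]);

// Keyed hash: one student always maps to the same token, so audit logs
// correlate, but the ID cannot be recovered without the pepper.
function pseudonym(value: string, pepper: string): string {
  return "stu_" + createHmac("sha256", pepper).update(value).digest("hex").slice(0, 16);
}

// Mask bearer tokens echoed into free-text messages (e.g. error strings).
function scrubText(text: string): string {
  return text.replace(/(Bearer\s+)[A-Za-z0-9._~+\/-]+=*/g, "$1[REDACTED]");
}

// Returns a sanitized copy; the input record is never mutated.
export function redactForLog(value: unknown, pepper: string, key = ""): unknown {
  const k = key.toLowerCase();
  if (DROP_KEYS.has(k) || SECRET_KEYS.has(k)) return "[REDACTED]";
  if (PSEUDONYM_KEYS.has(k)) return pseudonym(String(value), pepper);
  if (typeof value === "string") return scrubText(value);
  if (Array.isArray(value)) return value.map((v) => redactForLog(v, pepper));
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [childKey, child] of Object.entries(value)) {
      out[childKey] = redactForLog(child, pepper, childKey);
    }
    return out;
  }
  return value; // numbers, booleans, null: assessment scores pass through
}

// Constructed sample record, not real data.
export const sampleEvent = {
  event: "assessment.complete",
  studentId: "S-10442",
  studentName: "Jane Example",
  request: { audioPath: "/tmp/rec-81.wav", language: "es", headers: { Authorization: "Bearer abc.def" } },
  result: { score: 87, words: [{ text: "hola", score: 91 }] },
  error: "upstream 401 for Bearer sk_test_constructed123",
};
```

Load the pepper from the same secrets manager as the API key; rotating it breaks correlation with older log entries.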
Security Checklist
- [ ] API keys in secrets manager, not code
- [ ] Audio files deleted after processing
- [ ] Student PII not logged
- [ ] HTTPS enforced for all API calls
- [ ] Rate limiting prevents abuse
- [ ] Access logs maintained for audit
Output
- Basics implementation complete
- Speak API integration verified
- Production-ready patterns applied
Error Handling
| Error | Cause | Solution |
|---|---|---|
| 401 Unauthorized | Invalid API key | Verify SPEAK_API_KEY environment variable |
| 429 Rate Limited | Too many requests | Wait Retry-After seconds, use backoff |
| Audio format error | Wrong codec/sample rate | Convert to WAV 16kHz mono with ffmpeg |
| Session expired | Timeout after 30 min | Start a new conversation session |
Next Steps
See speak-prod-checklist for production readiness.
Examples
Basic: Apply security basics with default configuration for a standard Speak integration.
Advanced: Customize for production with error recovery, monitoring, and team-specific requirements.