Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
YouTube Digest
v1.0.0
Extract transcripts, summaries, chapters, and key moments from public YouTube videos without needing an API key.
by @0xraini
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md says it "Uses YouTube's transcript API" (no API key) but the implementation actually calls the external binary yt-dlp to fetch video JSON and subtitles. package.json includes an npm dependency (youtube-transcript) that is not used in src/cli.js. These mismatches suggest sloppy packaging/documentation rather than outright malice, but they are inconsistent with the stated purpose.
Instruction Scope
Runtime code executes external commands via execSync (yt-dlp) with the user-supplied URL interpolated into a shell string (e.g., `yt-dlp --dump-json --no-download "${url}"`). Because the code constructs shell command strings directly from input, there's a command-injection risk if a maliciously crafted URL (or untrusted input) includes shell metacharacters or quotes. SKILL.md does not document the yt-dlp requirement (it claims using YouTube API), so an operator might not expect this shell execution behavior.
Install Mechanism
This is an instruction-only skill with no install spec. The package files are included but nothing is downloaded or extracted at install time by the registry; risk from install mechanisms is minimal.
Credentials
No environment variables, credentials, or config paths are requested. The skill only reads/writes temporary files in the OS temp directory to store subtitle files, which is proportionate to its purpose.
Persistence & Privilege
The skill does not request 'always' presence and does not modify other skills or system-wide settings. It runs as a CLI tool invoked on demand (normal behavior).
What to consider before installing
This skill appears to do what it claims (extract transcripts and generate summaries) but has a couple of red flags you should consider before installing or running it:
- Command injection risk: The CLI calls yt-dlp by building shell command strings that include the user-supplied URL. If you or an agent could pass untrusted strings to this skill, a crafted input could execute arbitrary shell commands. Prefer an implementation that uses child_process.spawn with an args array or escapes input properly.
- Documentation/dependency mismatch: SKILL.md claims using YouTube's transcript API, but the code uses yt-dlp; package.json includes an npm dependency that isn't used. This looks like sloppy packaging — verify the source and prefer a provenance you trust.
- Runtime requirement: yt-dlp must be installed on the host. The script checks for it and exits if missing.
Recommendations:
1) Only run this skill in a trusted, sandboxed environment or inspect/modify the code to sanitize inputs before use.
2) If you will accept URLs from external users or other agents, patch the code to avoid shell interpolation (use spawn with an args array or properly escape quotes), or validate/strictly whitelist URLs.
3) Consider removing unused npm dependencies and aligning documentation with actual behavior before using widely.
If you want, I can suggest a safe-code patch (example: replace execSync string invocations with spawn or execFile) or produce a checklist to harden/run this skill safely.
