YouTube Digest
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill's stated purpose, fetching YouTube transcripts, is mostly coherent with its code, but a maliciously crafted URL could cause it to run unintended local shell commands.
Review before installing. The skill is intended for public YouTube transcripts, but avoid running it on untrusted URLs until the maintainer changes the yt-dlp calls to safe argument-array execution and declares the yt-dlp requirement clearly.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs this skill on a malicious or malformed URL, unintended commands could execute on the user’s computer.
The CLI takes the URL from command-line arguments and interpolates it into a shell command string. Wrapping the value in double quotes does not neutralize shell metacharacters or command substitution, and the code only checks that a YouTube-looking ID is present while still passing the original URL to the shell.
Evidence: const url = args[1]; ... execSync(`yt-dlp --dump-json --no-download "${url}"`, {
Recommendation: Replace execSync shell strings with execFile/spawn using an argument array, or strictly accept only an 11-character video ID and reconstruct the YouTube URL internally before calling yt-dlp.
Users may not realize they need to install and trust an external command-line tool before the skill works.
The code requires an external yt-dlp binary, while the registry requirements list no required binaries and SKILL.md says it uses YouTube's transcript API. This is purpose-aligned but under-disclosed.
Evidence: execSync('which yt-dlp', { stdio: 'pipe' }); ... console.error('❌ yt-dlp is required. Install with: brew install yt-dlp');
Recommendation: Declare yt-dlp as a required binary in metadata and document the actual implementation path clearly in SKILL.md.
