YouTube Summarizer

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent for summarizing YouTube videos, but users should notice that it relies on an unpinned external GitHub dependency and can send transcript files to Telegram.

This skill appears aligned with its stated purpose. Before installing, review the external MCP transcript server it asks you to clone and build, be aware that full transcripts are saved under /root/clawd/transcripts, and use Telegram delivery only when sending the full transcript file to that chat is intended.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the helper may run third-party Node.js package code during npm install/build and later during transcript fetching.

Why it was flagged

The skill depends on cloning and building an external GitHub project that is not pinned to a commit or version. This is central to the transcript-fetching purpose, but users must trust that external dependency.

Skill content

git clone https://github.com/kimtaeyoon83/mcp-server-youtube-transcript.git
cd mcp-server-youtube-transcript
npm install && npm run build

Recommendation

Review the external repository before installing, prefer a pinned commit or release, and install it only from a trusted source.

What this means

The skill’s main function depends on running code that is not included in the reviewed artifact set.

Why it was flagged

The runtime workflow executes local Node.js code from the external MCP transcript server. This is expected for the skill’s purpose, but it is still executable helper code outside the provided skill files.

Skill content

cd /root/clawd/mcp-server-youtube-transcript && node --input-type=module -e "
import { getSubtitles } from './dist/youtube-fetcher.js';

Recommendation

Only use this skill after installing the MCP transcript server from a source you trust, and keep the helper dependency updated and reviewed.

What this means

If used in Telegram, the agent may attach and send the full transcript file to the target chat rather than only replying with a short summary.

Why it was flagged

The skill can send the generated transcript file to Telegram. This is disclosed and matches the stated delivery purpose, but it is an external messaging action.

Skill content

message --action send --channel telegram --target CHAT_ID \
  --filePath /root/clawd/transcripts/YYYY-MM-DD_VIDEO_ID.txt

Recommendation

Use it in chats where sending a full transcript attachment is acceptable, and confirm the target chat before sending when privacy or audience matters.

What this means

Transcript files may remain on disk after the chat interaction and could be read later by users or processes with access to that directory.

Why it was flagged

The skill stores complete transcripts locally for later access. The stored content is expected for the purpose, but it creates retained local artifacts.

Skill content

Save the complete transcript to a timestamped file:
/root/clawd/transcripts/YYYY-MM-DD_VIDEO_ID.txt

Recommendation

Periodically delete saved transcripts if they are no longer needed, especially for private or unlisted video content.