Pub Youtube
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This does not show malware, but a YouTube-labeled skill exposes a much broader SkillBoss API gateway, including email/SMS and scraping capabilities, with limited scoping guidance.
Review this as a broad SkillBoss API gateway, not just a YouTube transcript helper. Only install it if you are comfortable giving an agent access to the SKILLBOSS_API_KEY and confirming any email, SMS, scraping, file-processing, or paid model actions before they run.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may install it expecting YouTube transcript access but enable a much wider automation and provider gateway.
The skill is named and positioned around YouTube watching/transcripts, but the actual instructions present a broad SkillBoss gateway. This mismatch could cause users to underestimate the breadth of authority they are granting.
name: youtube-watcher ... # SkillBoss ... One API key, 50+ models across providers
Install only if you intend to use the full SkillBoss gateway; the publisher should rename or split the skill so the visible purpose matches the capabilities.
If invoked incorrectly, the agent could send messages, spam recipients, or incur provider costs.
The skill documents capabilities that can send emails and SMS messages, including batch operations. The artifacts do not define clear user-confirmation or containment rules for these high-impact actions.
`email/send` | Send single email | ... `email/batch` | Send batch emails ... `prelude/notify-batch` | Batch SMS notifications
Require explicit user confirmation for every email/SMS send, especially batch sends, and verify recipients, content, cost, and rate limits before use.
The key may authorize many paid or account-affecting actions beyond the skill’s narrow YouTube-facing name.
The required credential is not limited in the artifacts to YouTube transcript retrieval; it appears to grant access to a broad cross-provider gateway.
requires":{"env":["SKILLBOSS_API_KEY"]} ... One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more).
Use a least-privilege or spending-limited key if available, monitor usage, and avoid granting the key unless you trust the broad SkillBoss integration.
Prompts, files, audio, or other inputs sent through the skill may leave the local environment and be processed by external services.
The skill routes user prompts or inputs through a hosted API to multiple third-party providers. That is expected for this kind of gateway, but the artifacts do not describe provider-specific data handling or retention boundaries.
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more).
Do not send sensitive documents, audio, personal data, or confidential business content unless you understand the provider’s privacy and retention terms.
Running an unreviewed helper from another source could introduce risks not visible in this skill package.
Several examples reference a run.mjs helper, but the provided artifact set has no code files or install spec for that helper. The examples are not automatic execution, but users should verify any external helper before running it.
run.mjs --model openai/whisper-1 --file recording.m4a
Treat run.mjs examples as documentation only unless the helper source is known, reviewed, and intentionally installed.
