Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
YouTube Transcript Extractor by AkkuAlle
v1.0.0 · Extracts transcripts from YouTube videos for content creation. Use it for video analyses, content ideas and blog posts based on YouTube videos.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The stated purpose (extract YouTube transcripts and produce content) aligns with the YOUTUBE_API_KEY requirement and the alternative yt-dlp / youtube-transcript-api approaches in the instructions. However, the registry metadata at the top of the package claims no required env vars while SKILL.md declares YOUTUBE_API_KEY in its metadata — this mismatch is unexplained. SKILL.md also references an executable at /root/.openclaw/skills/.../youtube-transcript, but there is no install spec or code file that would create that binary, which is incoherent with the claimed install-less skill.
Instruction Scope
The instructions ask the operator to store the API key in a .env file and show a shell invocation that expects a local skill binary under /root/.openclaw/skills/..., but no code or install mechanism is provided to supply that binary. The steps otherwise stay within the transcript-extraction purpose, and the alternatives (yt-dlp, youtube-transcript-api) are reasonable. The presence of a hardcoded root path and the expectation of an installed skill binary without an install spec is a scope/expectations mismatch.
Install Mechanism
This is instruction-only (no install spec, no code files), which is low-risk in itself. The SKILL.md suggests installing third-party tools (yt-dlp, pip package youtube-transcript-api) if no API key is available — those are normal recommendations but not enforced by an installer. The skill also references a non-provided binary path; absence of an install step for that binary is inconsistent and should be clarified.
Credentials
Requesting a YOUTUBE_API_KEY is proportionate to the stated function. However: (1) the registry summary lists no required env vars while SKILL.md requires YOUTUBE_API_KEY — an internal inconsistency; (2) SKILL.md instructs storing the key in a local .env file (which may be insecure) and does not discuss restricting key scope or alternatives. No other unrelated credentials are requested.
Persistence & Privilege
SKILL.md metadata includes always:true, which would force-enable the skill in all agents; the registry flags show always:false. This contradiction is important: if the skill really sets always:true it would be force-included across contexts, increasing blast radius. Because the registry and SKILL.md disagree, the required persistence/privilege level is unclear and should be resolved before trust.
What to consider before installing
Do not install or supply secrets to this skill until the inconsistencies are resolved. Specific steps to take:
1) Ask the publisher for the source code or a homepage — there is no source/homepage listed.
2) Ask which value of 'always' is authoritative (registry vs SKILL.md); prefer skills that are not 'always' enabled.
3) Ask how the /root/.openclaw/skills/.../youtube-transcript binary is provided and request an explicit, auditable install step (or remove the fake invocation if the skill is purely instruction-only).
4) If you test it, avoid putting a high-privilege API key in a plaintext .env — create a restricted YouTube API key (minimal quotas/referrers) or use a throwaway/test key and run in an isolated environment.
5) If you need the functionality but want assurance, prefer a skill with a public source and clear install steps, or implement the small transcript workflow yourself (yt-dlp or youtube-transcript-api) rather than trusting an opaque skill.
These issues make the package suspicious rather than clearly benign.
Like a lobster shell, security has layers — review code before you run it.
Version: latest · vk975gbxevba1q4zc1jzaf55r2x83qh2w
