Video Understanding

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it claims—analyze user-provided videos with Gemini—while clearly involving local video tools, a Gemini API key, and third-party upload of video content.

Install only if you are comfortable with yt-dlp/ffmpeg handling the video URL locally and with Google Gemini receiving the video content or URL for analysis. Use a dedicated Gemini API key where possible, and avoid submitting sensitive videos unless your organization permits that provider use.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can download media from external sites and consume local bandwidth/storage before analysis.

Why it was flagged

The script invokes yt-dlp on a user-supplied video URL to download media. This is central to the skill's purpose and is bounded by --no-playlist and a default max size, but it is still local tool execution against external content.

Skill content

cmd = ["yt-dlp", ... "--max-filesize", f"{max_size_mb}M", "-o", output_path, url]

Recommendation

Use it only with video URLs you intend to process, and keep yt-dlp and ffmpeg updated through trusted package sources.

What this means

Gemini API usage may be charged to or rate-limited against the account tied to the API key.

Why it was flagged

The script reads the Gemini API key from the environment and uses it to call Google Gemini, matching the declared requirement and stated purpose.

Skill content

api_key = os.environ.get("GEMINI_API_KEY") ... client = genai.Client(api_key=api_key)

Recommendation

Use a dedicated Gemini API key with appropriate account controls, and monitor usage or quotas.

What this means

Future installs may resolve to a newer google-genai package version than the one originally tested.

Why it was flagged

The script relies on uv script metadata to install google-genai using a version range rather than an exact pinned version. This is a normal dependency for Gemini access, but not fully reproducible.

Skill content

# dependencies = ["google-genai>=1.0.0"]

Recommendation

Prefer pinned dependency versions or a lockfile if reproducible installs are important.

What this means

Private, internal, or sensitive video content may be processed by Google Gemini if submitted through this skill.

Why it was flagged

The skill explicitly sends downloaded video files to the Gemini File API for analysis. This is disclosed and purpose-aligned, but it crosses a third-party provider boundary.

Skill content

All other URLs → Downloaded via yt-dlp → uploaded to Gemini File API → poll until processed

Recommendation

Do not use the skill for sensitive videos unless sending that content to Gemini is acceptable under your privacy and compliance requirements.