youtube-manager

What to consider before installing: - The code and reference guide require YOUTUBE_API_KEY and YOUTUBE_CHANNEL_ID (and optionally OAuth client/refresh tokens), but the skill metadata lists none — ensure you only provide credentials you control and understand how they'll be used. - The video upload implementation is a mock (returns a fixed video ID) and does not perform OAuth-based uploads; if a future version adds real upload code that requests client secrets/refresh tokens, review that OAuth flow carefully and prefer short-lived, least-privilege credentials. - The SKILL.md promises real-time monitoring, automated alerts, and multi-format exports, but the included scripts implement basic polling analytics and JSON report export. Treat those features as incomplete until the author provides working implementations. - Network calls go to Google APIs (https://www.googleapis.com). Limit exposure by using API keys restricted by IPs/referrers or use OAuth with proper scopes. Do not provide unrestricted long-lived credentials to untrusted code. - Because the registry metadata is inconsistent with the code, request clarification from the skill author (or the publisher) about required env vars and exact capabilities. If you must test, run in a sandboxed environment with non-production credentials and inspect runtime network activity and files created. - If you do not trust the author or cannot confirm fixes, avoid providing client secrets/refresh tokens and consider using read-only API keys with tight restrictions instead.