Skillv1.0.1

ClawScan security

Youtube Outlier Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 3, 2026, 11:42 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly does what it says (find YouTube outliers, summarize, write to Sheets, post to Discord), but there are several mismatches and missing declarations (undeclared required credentials, missing .env.example, a dependency/import mismatch, and a detected unicode-control-chars prompt-injection pattern) that make the package incoherent and warrant caution before installing.
Guidance: Key things to check before installing or running this skill: - Do not rely on the registry metadata alone: the skill actually needs multiple credentials (Google Sheets service account JSON, GOOGLE_SHEET_ID/GOOGLE_SHEET_RANGE, DISCORD_BOT_TOKEN, DISCORD_CHANNEL_ID, YOUTUBE_API_KEY, and optionally ANTHROPIC_API_KEY). Provide only least-privilege credentials (share the specific sheet with a service account that has edit access to that single sheet, avoid broad Google Cloud scopes). - The SKILL.md references a .env.example that is not included. Ask the author for the env template or create your own, and verify every required env var before running. - The code will perform live writes and Discord posts by default (DRY_RUN is false). Test in a safe environment (test sheet and a test Discord channel) first. - There is a dependency/import mismatch: code imports '@anthropic-ai/sdk' but package.json lists 'openai' and not '@anthropic-ai/sdk'. Confirm and audit npm dependencies before running npm install; ensure the Anthropic SDK version you intend is explicitly listed and reviewed. - Inspect SKILL.md for hidden/control characters (the scan found unicode-control-chars). Remove any non-printable characters and validate the content. - Review and limit the Discord bot's permissions and channel scope; prefer a bot account dedicated to testing. - If you cannot audit the author’s changes, consider running the skill in an isolated environment (container) or refuse to install until the developer fixes the missing .env.example and dependency issues. If you want, I can: - Enumerate the exact environment variables the code reads and produce a safe .env.example template for you; or - Produce a short checklist to run the skill safely in a sandbox (test sheet, test Discord channel, ephemeral API keys).
Findings: [unicode-control-chars] unexpected: A prompt-injection pattern was detected in SKILL.md (unicode control characters). This is not expected for a normal README/instructions and could be an attempt to manipulate automated processing or evaluations. Review the SKILL.md contents closely and remove any hidden control characters.

Review Dimensions

Purpose & Capability: concernThe code and SKILL.md align with the claimed purpose (YouTube search, summarization, Google Sheets writes, Discord posts). However the published registry metadata declares no required environment variables or primary credential even though the code clearly requires multiple credentials (Google Sheets service account JSON, sheet ID/range, Discord bot token and channel ID, YouTube API key, optional Anthropic API key). That mismatch between declared requirements and the actual runtime needs is an incoherence risk.
Instruction Scope: concernSKILL.md instructs using .env.example for required variables but there is no .env.example in the file manifest — instructions are incomplete. The runtime instructions (and code) will read a local .env file and will send video metadata to external services (Google Sheets, Discord, YouTube APIs, and optionally Anthropic). Those actions are consistent with purpose, but the SKILL.md contains a detected 'unicode-control-chars' prompt-injection signal which could indicate an attempt to manipulate downstream processing/analysis. Also the code sets DRY_RUN = false, meaning it will perform live writes and posts by default.
Install Mechanism: noteThere is no formal install spec (instruction-only), but the package includes package.json and package-lock.json and expects npm dependencies to be installed (npm install). That is expected for a TypeScript/Node skill; the dependencies are typical for the stated features. No external arbitrary download URLs or extract steps are present.
Credentials: concernThe skill requires multiple sensitive credentials at runtime (Google Sheets service account JSON, Google sheet ID, Discord bot token and channel ID, YouTube API key, optional ANTHROPIC_API_KEY). Those are proportionate to the claimed functionality, but the registry metadata does not declare any of them — a transparency problem. Also package.json lists the 'openai' package though code uses Anthropic; the code imports '@anthropic-ai/sdk' but that package is not present in package.json, indicating developer oversight which increases the risk of unexpected runtime behavior or hidden dependency changes.
Persistence & Privilege: okThe skill does not request always:true and does not modify other skills or system-wide configs. It runs only when invoked (user-invocable) and requires explicit credentials to act. No elevated platform privileges are requested.