YouTube Comment Moderator
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken model classification could delete legitimate comments or post inappropriate replies on the user's channel.
Auto mode performs public account mutations without per-comment review once enabled.
- **auto** — auto-replies to questions, auto-deletes spam/hate
Start in monitor or approval mode, review the dry-run output, require explicit approval for deletes/replies, and limit the video scope before enabling auto mode.
A malicious or manipulative comment could try to influence the classifier and cause unwanted moderation actions.
Untrusted public comment text is inserted directly into the Gemini classification prompt; in auto mode, classification results can drive deletion or reply actions.
f'{j+1}. [id:{c["comment_id"]}] [{c["author"]}] (likes:{c["like_count"]}) {c["text"][:400]}'
Treat comment text strictly as data, add prompt-injection-resistant delimiters and validation, and keep destructive actions behind an approval queue or confidence threshold.
If the callback URL is logged or seen by the wrong party before exchange, it could be used to obtain access for YouTube moderation actions.
The callback URL contains an OAuth authorization code; asking users to paste the full URL into chat can expose sensitive authorization material before it is exchanged.
Copy the entire URL from your browser's address bar and paste it back here.
Paste only the OAuth code into a trusted local setup step, avoid sharing the full callback URL in chat, and revoke/re-authorize credentials if exposure is suspected.
Anyone with access to the OAuth token or configured environment could potentially perform moderation actions on the authorized account.
The OAuth scope gives the skill read/write YouTube comment authority, which is expected for replying and deleting but is still a sensitive account permission.
YOUTUBE_SCOPES = [
"https://www.googleapis.com/auth/youtube.force-ssl" # read + write comments
]
Use a dedicated Google Cloud OAuth client, authorize only the intended channel owner account, protect the token file, and revoke the token when no longer needed.
Public comment data and author handles are processed by an external AI provider as part of classification.
Comment IDs, author names, and comment text are included in prompts sent to the Gemini API for classification.
f"[{c['comment_id']}] @{c['author']}: {c['text'][:500]}"
Confirm this external processing is acceptable for the channel, and avoid sending private or non-public data through the classifier.
Moderation actions may continue in the background until the scheduled job is disabled.
The skill suggests persistent scheduled execution, which is purpose-aligned but can keep moderating after the initial setup.
Optionally set up a cron job to run every 15-30 minutes for ongoing moderation.
If using cron, document the schedule, logs, and stop command, and prefer approval mode for ongoing runs.
Comment history and moderation decisions remain stored locally and could influence later reports or actions.
The skill persists fetched comments, classifications, actions, and reply drafts in a local SQLite database.
CREATE TABLE IF NOT EXISTS comments (... author TEXT, ... text TEXT, ... classification TEXT, ... reply_draft TEXT ...)
Keep the database in a protected location, review retention needs, and clear old data if it is no longer required.
