tube-summary
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may need to install third-party packages before the skill works.
The skill depends on external Python tooling, but the registry metadata lists no required binaries or install spec. This is disclosed in the instructions and fits the purpose, but users should notice the manual dependency requirement.
- `yt-dlp` (install: `pip install yt-dlp`) - `requests` (for YouTube search fallback) - Python 3.7+
Install dependencies from trusted package sources and verify yt-dlp, requests, and any needed Python packages are maintained versions.
Using the skill runs local commands and contacts YouTube through yt-dlp.
The script invokes yt-dlp as a subprocess to perform YouTube search. The command is constructed as an argument list rather than shell execution, and this behavior is expected for the skill’s function.
result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
Run it in a normal user directory, review the selected video URL before subtitle download, and avoid using elevated privileges.
The skill can create subtitle files in the directory where the command is run.
The workflow downloads subtitle files to the current directory. This is user-directed and purpose-aligned, but it creates local files based on external video content.
yt-dlp --write-subs --sub-langs en --skip-download "VIDEO_URL"
Run the subtitle download from a dedicated working folder if you want to keep generated files contained.