Skill v1.4.1

ClawScan security

Youtube Whisper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 10, 2026, 10:25 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's inputs, instructions, and included script align with its stated purpose (download YouTube audio and transcribe locally with Whisper); it does not request credentials or perform unexplained network exfiltration.
Guidance
This skill appears to do what it says: it downloads YouTube audio (via yt-dlp) and transcribes locally with Whisper. Before installing or using it:
(1) ensure you trust the author and review the included script (it is plain shell, not obfuscated);
(2) install yt-dlp, ffmpeg, and openai-whisper from their official sources (brew/pip) and be aware that pip packages can execute code at install time;
(3) the script downloads content from YouTube to /tmp and will remove temp files; be mindful of disk and network usage and of any copyright/legal constraints for downloading content;
(4) the script prompts for interactive confirmation when memory is low and may hang in non-interactive agent runs; use the --force flag and a small model for automated contexts;
(5) no credentials are requested, and there is no evidence of data exfiltration to third-party endpoints beyond fetching YouTube content.
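The two runtime behaviors called out above (a temp directory under /tmp that is removed on exit, and a `read -p` confirmation that can block an agent unless `--force` is passed) are worth seeing as a concrete guard pattern. The script below is an added example written for this review, not the skill's own script: the threshold variable MIN_FREE_MB, the function names, and the decision to abort rather than hang when there is no TTY are assumptions, and the actual yt-dlp/whisper calls are left out so it runs offline.

```sh
#!/bin/sh
# Added example (not the skill's script). Shows a memory gate that never
# blocks a non-interactive run, plus temp-dir cleanup via trap.

MIN_FREE_MB=${MIN_FREE_MB:-2048}   # assumed threshold; the real script's value is not shown

# Best-effort available memory in MB. Uses `free` (Linux) or `sysctl` (macOS),
# the same resource checks the review notes; prints 0 when neither exists.
free_mb() {
  if command -v free >/dev/null 2>&1; then
    free -m | awk '/^Mem:/ {print $7}'          # "available" column of procps free
  elif command -v sysctl >/dev/null 2>&1; then
    echo $(( $(sysctl -n hw.memsize) / 1024 / 1024 ))   # total RAM; conservative stand-in
  else
    echo 0
  fi
}

# decide_memory_gate AVAILABLE_MB FORCE(0/1) INTERACTIVE(0/1)
# Prints exactly one of: proceed, prompt, abort.
# Only prompts when a TTY is present; an agent with no TTY gets "abort" instead of a hang.
decide_memory_gate() {
  avail=$1; force=$2; interactive=$3
  if [ "$avail" -ge "$MIN_FREE_MB" ] || [ "$force" -eq 1 ]; then
    echo proceed
  elif [ "$interactive" -eq 1 ]; then
    echo prompt
  else
    echo abort
  fi
}

main() {
  force=0; url=""
  for arg in "$@"; do
    case "$arg" in
      --force) force=1 ;;
      *) url=$arg ;;
    esac
  done
  if [ -z "$url" ]; then
    echo "usage: $0 [--force] <youtube-url>" >&2
    return 2
  fi

  interactive=0
  if [ -t 0 ]; then interactive=1; fi

  # Private temp dir under /tmp, removed on any exit path (normal, Ctrl-C, SIGTERM).
  tmp=$(mktemp -d "${TMPDIR:-/tmp}/ytw.XXXXXX") || return 1
  trap 'rm -rf "$tmp"' EXIT INT TERM

  case "$(decide_memory_gate "$(free_mb)" "$force" "$interactive")" in
    abort)
      echo "low memory and no TTY; rerun with --force (and a small model) to proceed" >&2
      return 1 ;;
    prompt)
      printf 'Available memory is below %s MB; continue? [y/N] ' "$MIN_FREE_MB"
      read -r ans
      [ "$ans" = y ] || [ "$ans" = Y ] || return 1 ;;
  esac

  # The real download (yt-dlp into "$tmp") and whisper invocation would go here.
  echo "would download $url into $tmp"
}

# Only run when invoked with arguments, so the functions can be sourced for testing.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run as `sh ytw.sh https://youtube.com/watch?v=...` from a terminal to get the prompt, or with `--force` from an agent; piping stdin from `/dev/null` demonstrates the non-interactive abort path without waiting on `read`.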

Review Dimensions

Purpose & Capability
ok · Name/description claim: download YouTube videos and transcribe with Whisper. Manifest and SKILL.md list yt-dlp, ffmpeg, and openai-whisper (pip), which are exactly what's needed. The included shell script implements subtitle detection, yt-dlp downloads, and local Whisper invocation, consistent with purpose.
Instruction Scope
note · SKILL.md instructs installing yt-dlp/ffmpeg and pip openai-whisper and running the provided script; the script only accesses the given YouTube URL, /tmp for temporary files, and local system resource info. It prompts interactively when memory is low (read -p), which can block non-interactive agents; this is a runtime usability note rather than malicious behavior. No instructions to read unrelated config files or transmit data to external endpoints beyond YouTube/yt-dlp.
Install Mechanism
ok · No install spec provided (instruction-only + bundled script). Dependencies are installed via standard package managers (brew, pip) per SKILL.md; nothing is downloaded from an unusual URL or extracted by the skill installer.
Credentials
ok · Skill declares no required environment variables or credentials, and the script does not access secrets or external tokens. All environment/system accesses (free, sysctl, top) are reasonable for performing resource checks.
Persistence & Privilege
ok · always:false and default autonomous invocation settings; the skill does not attempt to modify other skills or system-wide configs. It runs transient shell commands and cleans up its temp directory on exit.