Skill v1.0.0
ClawScan security
Youtube Transcriber · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 4:34 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it claims (downloads audio, tries subtitles first, and uploads audio to OpenAI Whisper), but the package metadata omits a required credential, and there are a few unexpected local-path assumptions and privacy implications you should review before installing.
- Guidance: Before installing or running this skill:
  1. Be aware that it uploads downloaded audio to OpenAI (Whisper), so sensitive audio will be sent off-host; check your privacy policy for that.
  2. The skill requires OPENAI_API_KEY at runtime, but the registry metadata does not declare this; supply the key only if you trust the destination, and remove any keys you do not want shared.
  3. Verify that yt-dlp and ffmpeg come from trusted sources (Homebrew or pip) rather than an unknown venv path the script probes.
  4. Review the included scripts/transcribe.sh yourself (or run it in a sandbox), since it will invoke binaries, write temp files under /tmp, and can read common HOME paths.
  5. If you plan to allow autonomous invocation, consider the privacy implications of automatic audio uploads.
  If possible, ask the publisher to update the registry metadata to declare OPENAI_API_KEY as a required env var and to clarify any assumptions about local binary locations.
Review Dimensions
- Purpose & Capability (note): The name and description align with the code: it first tries YouTube subtitles and falls back to downloading audio and calling OpenAI Whisper. The prerequisites declared in README/SKILL.md (yt-dlp, ffmpeg, OPENAI_API_KEY) are appropriate for the stated purpose. However, the registry metadata for the skill lists no required environment variables while the runtime script requires OPENAI_API_KEY; that is an inconsistency.
- Instruction Scope (note): The runtime instructions (scripts/transcribe.sh) are narrowly scoped to calling yt-dlp/ffmpeg, parsing VTT, compressing audio, and POSTing audio to https://api.openai.com/v1/audio/transcriptions. The script writes temporary files in /tmp and checks common local paths for yt-dlp. It does upload user audio to OpenAI (expected for Whisper); this is a privacy/network action worth highlighting, but it is coherent with the stated purpose. The script does not appear to read unrelated secrets or send data to any third-party endpoint other than OpenAI.
- Install Mechanism (ok): There is no install spec (the skill is instruction-only plus an included script). Nothing is downloaded or executed automatically by an installer, which is lower risk than an automatic download/install flow.
- Credentials (concern): The script requires OPENAI_API_KEY at runtime, but the skill metadata does not declare any required environment variables. That mismatch means automatic permission reviewers may miss a required secret. The script also probes a specific path ($HOME/.venvs/agent-reach/bin/yt-dlp) and other local paths for binaries; while not directly a credential request, this reveals assumptions about the local agent environment and could cause the script to use a binary from an unexpected venv. Aside from OPENAI_API_KEY and the local path probing, no other unrelated secrets are requested.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable only. It does not attempt to modify other skills or system-wide config. It writes transient files only to /tmp and to user-chosen output paths, which is expected for this kind of utility.
