Youtube Notification Analysis
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is review-worthy because it can move from YouTube investment notifications to placing trades without clear approval steps, limits, or safeguards.
Only use this skill if you want YouTube-based investment analysis and you will manually review every proposed trade. Do not allow live trading unless each order is explicitly confirmed with symbol, side, quantity, price, and account. Also verify that yt-dlp and whisper-cpp are trusted and expected on your system.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could place real trades based on YouTube content if paired with a trading-capable skill, which may cause financial loss or unwanted account activity.
The workflow chains video analysis directly into trade execution, but the artifact does not require user confirmation, trade sizing limits, or a safe review step before financial actions.
5. **Analyze**: Summarize investment recommendations 6. **Execute trades**: Use tiger-trade skill
Require explicit user approval for every trade, include exact symbol/side/quantity/price review, and default to analysis-only or paper-trading unless the user clearly requests live execution.
If trading credentials are available through another skill, this workflow could use them for account-changing financial actions without clear boundaries.
Executing trades implies delegated access to a brokerage or trading account, but the skill does not describe credential scope, account boundaries, or user-controlled permission limits.
Workflow is open YouTube click notification bell extract video IDs get subtitles or download plus whisper-cpp analyze then execute trades.
Document the exact trading account access required, restrict privileges where possible, and require separate user authorization before any brokerage action.
The skill may fail or rely on whatever versions of yt-dlp and whisper-cpp are already present on the system.
The skill depends on external command-line tools for downloading subtitles and transcription, while the supplied metadata declares no required binaries or install spec.
yt-dlp --write-subs --skip-download --sub-lang zh-Hans,en <video_url> ... whisper-cpp/bin/main -m whisper-cpp/models/ggml-base.bin -f /tmp/video.mp4 --language ZH
Declare required tools and versions, and install them only from trusted sources.
The agent may download media to /tmp and run local transcription tools on it.
The skill instructs the agent to run local commands and download video content. This is aligned with subtitle extraction and transcription, but users should notice the local execution and file-writing behavior.
yt-dlp -f best "https://www.youtube.com/watch?v=VIDEO_ID" -o /tmp/video.mp4 whisper-cpp/bin/main -m whisper-cpp/models/ggml-base.bin -f /tmp/video.mp4 --language ZH
Run only trusted local binaries, review downloads, and avoid using the skill in sensitive environments unless the command behavior is acceptable.