Youtube Podcast summarizer via Elevenlabs

Transform YouTube videos into podcast-style voice summaries using ElevenLabs TTS

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 1 · 1.6k · 3 current installs · 4 all-time installs

by@Franciscoandsam

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The services the skill requires (Supadata for transcripts, OpenRouter for summarization, ElevenLabs for TTS) align with the described functionality. However, the registry-level metadata at the top of the package listing claims no required environment variables or credentials while the included skill.json and SKILL.md explicitly require ELEVENLABS_API_KEY, SUPADATA_API_KEY, and OPENROUTER_API_KEY — an internal inconsistency that should be resolved before trusting the package.

Instruction Scope

The SKILL.md instructs the operator to clone and run a backend (npm install; npm start) and to place API keys into a .env file. The runtime steps only call a local API (http://127.0.0.1:3050) which is consistent with a separate backend, but running arbitrary code from the referenced GitHub repo executes unvetted server code that could read or transmit secrets or other local data. The skill also suggests making BASE_URL publicly accessible, which increases exposure risk if the backend is misconfigured. There are no instructions that overtly read unrelated system files, but the requirement to run third-party server code broadens the attack surface.

Install Mechanism

There is no platform install spec; instead SKILL.md tells users to git clone https://github.com/Franciscomoney/elevenlabs-moltbot, npm install, and run the server. Downloading and executing code from a GitHub repo is a common pattern but carries execution risk: the repo may contain malicious or buggy code, post-startup network calls, or accidental exfiltration. The homepage is a GitHub repo (not an opaque personal server), which is better than an untrusted binary URL, but you still need to review the repository before running it.

ℹ

Credentials

The environment variables required by the service (ElevenLabs, Supadata, OpenRouter API keys) are proportionate to the stated purpose. That said, the top-level registry metadata omitted these required_env entries (another inconsistency). Also, placing keys into a .env file for a server you run locally is convenient but risky if the server or environment is accessible externally — the instructions explicitly mention making BASE_URL public, which could expose API keys or outputs if the backend leaks them.

✓

Persistence & Privilege

The skill does not request always: true and does not ask to modify other skills or system-wide settings. It includes autoTrigger patterns for YouTube links (expected for this kind of skill). Autonomous invocation is allowed by default (disable-model-invocation is false), which is normal; combined with the need to run an external server, this increases blast radius if the backend or keys are compromised, but the skill itself does not request elevated platform privileges.

Scan Findings in Context

[no_regex_findings] expected: The static regex scanner found nothing to analyze because this is an instruction-only skill with no embedded code files; however the SKILL.md tells the user to clone and run a GitHub repo, so the actual code to inspect lives in that external repository.

What to consider before installing

Before installing or running this skill: (1) Verify the GitHub repository contents yourself — review server code (especially network calls, logging, and any code that reads files or environment variables) before running npm start. (2) Only provision API keys with least privilege and, if possible, use expendable/limited keys for testing. (3) Run the backend in an isolated environment (container, VM, or restricted user) and bind it to localhost unless you intentionally want a public endpoint; avoid setting BASE_URL to a public address until you’ve audited the code. (4) Confirm where and how API keys are stored (.env files can be readable by other processes); consider using runtime secrets managers or environment injection. (5) Resolve the registry inconsistency (the registry metadata omitted required_env) — if the platform will not surface the required credentials to the skill, it may fail or behave unexpectedly. (6) If you’re not comfortable auditing the repo yourself, treat this package as untrusted code and do not run it on production systems or with high‑value credentials.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

elevenlabsvk9777b6wwpjt6qejke6swqees980aks3latestvk9777b6wwpjt6qejke6swqees980aks3samvk9777b6wwpjt6qejke6swqees980aks3

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎙️ Clawdis

SKILL.md

YouTube Voice Summarizer

Transform any YouTube video into a professional voice summary delivered in under 60 seconds.

What It Does

When a user sends a YouTube URL, this skill:

Extracts the video transcript via Supadata
Generates a concise AI summary via OpenRouter/Cerebras
Converts the summary to natural speech via ElevenLabs
Returns an audio file the user can listen to

Requirements

This skill requires a running backend server. Deploy the summarizer service:

git clone https://github.com/Franciscomoney/elevenlabs-moltbot.git
cd elevenlabs-moltbot
npm install
cp .env.example .env
# Add your API keys to .env
npm start

Required API Keys

Service	Purpose	Get Key
ElevenLabs	Text-to-speech	https://elevenlabs.io
Supadata	YouTube transcripts	https://supadata.ai
OpenRouter	AI summarization	https://openrouter.ai

How to Use

When user sends a YouTube URL:

Step 1: Start the voice summary job

curl -s -X POST http://127.0.0.1:3050/api/summarize \
  -H "Content-Type: application/json" \
  -d '{"url":"YOUTUBE_URL","length":"short","voice":"podcast"}'

Returns: {"jobId": "job_xxx", "status": "processing"}

Step 2: Poll for completion (wait 3-5 seconds between checks)

curl -s http://127.0.0.1:3050/api/status/JOB_ID

Keep polling until status is "completed".

Step 3: Return the audio to user

When complete, the response includes:

result.audioUrl - The MP3 audio URL (send this to the user!)
result.teaser - Short hook text about the content
result.summary - Full text summary
result.keyPoints - Array of key takeaways

Send the user:

The teaser text as a message
The audio URL so they can listen

Voice Options

Voice	Style
`podcast`	Deep male narrator (default)
`news`	British authoritative
`casual`	Friendly conversational
`female_warm`	Warm female voice

Summary Lengths

Length	Duration	Best For
`short`	1-2 min	Quick overview
`medium`	3-5 min	Balanced detail
`detailed`	5-10 min	Comprehensive

Example Flow

User: "Summarize this: https://www.youtube.com/watch?v=dQw4w9WgXcQ"

Start job:

curl -s -X POST http://127.0.0.1:3050/api/summarize \
  -H "Content-Type: application/json" \
  -d '{"url":"https://www.youtube.com/watch?v=dQw4w9WgXcQ","length":"short","voice":"podcast"}'

Poll status with the returned jobId
When complete, send the audioUrl to the user

Text-Only Summary (No Audio)

For faster, cheaper text-only summaries:

curl -s -X POST http://127.0.0.1:3050/api/quick-summary \
  -H "Content-Type: application/json" \
  -d '{"url":"YOUTUBE_URL","length":"short"}'

Troubleshooting

"Video may not have captions"

The video needs subtitles enabled on YouTube
Auto-generated captions may take time on new videos

Audio URL not working

Ensure BASE_URL in .env is publicly accessible
Check firewall allows traffic on port 3050

Cost Per Summary

Service	Cost
Supadata	~$0.001
OpenRouter	~$0.005-0.02
ElevenLabs	~$0.05-0.15
Total	~$0.06-0.17

Files

3 total

Select a file

Select a file to preview.

Comments

Loading comments…