summarizer

The skill's runtime instructions and package metadata diverge from the registry declaration: it expects an API key, node/npm/git tools, and clones/builds an external GitHub repo into /root, but the registry says no env/binary requirements — proceed only after clarifying and sandboxing.

Don't install blindly. Before proceeding: (1) Confirm whether SKILLBOSS_API_KEY is required and where it will be stored; (2) Ask the skill author why registry metadata omits required binaries (node/git/npm) and the API key; (3) Inspect the GitHub repo (https://github.com/kimtaeyoon83/mcp-server-youtube-transcript) yourself to ensure it is trustworthy—the repo's stated use (Android emulation to bypass YouTube blocking) may violate policies or be fragile; (4) Never allow the agent to auto-install into /root—if you must run this, run it in a sandboxed VM or container and avoid running as root; (5) Verify the 'message' CLI and other assumed tooling exist and are safe; (6) Prefer explicit, user-approved installation steps rather than autonomous installs. If you want, I can list the exact questions to ask the author or produce a safer install checklist for sandboxing and auditing the external repo.