youtube

The skill mostly does what it says (uses SkillBoss API and yt-dlp) but has a few inconsistencies and requires running third‑party code you should vet before installing or giving the API key to.

Before installing or using this skill: 1) Understand that transcripts (full text) are uploaded to SkillBoss API (api.skillbossai.com) — do not send private or sensitive transcripts unless you trust that service. 2) The SKILL.md tells you to install and possibly build/run third‑party code (npm package zubeid-youtube-mcp-server and/or a GitHub repo). Vet that package/repo (review source, maintainers, npm/package reputation) before running npm install -g or git clone + npm install. 3) The instructions use mcporter to invoke the MCP server but mcporter is not declared — you’ll need to install/verify it separately. 4) yt-dlp will download subtitles to /tmp; be mindful of storage, copyright, and local privacy. 5) If you lack confidence in the third‑party code or SkillBoss, consider running the tool in an isolated environment (container or VM), or avoid exporting your SKILLBOSS_API_KEY and instead use a limited/test key. These issues make the package coherent with its purpose but require caution — that’s why this evaluation is flagged as suspicious rather than benign.