Podcast Summarize
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: podcast-summarize Version: 0.1.0 The skill bundle is a legitimate tool for summarizing podcast episodes using standard utilities like yt-dlp and Whisper. The provided script (transcribe.sh) and documentation (SKILL.md, technical.md) contain no malicious commands, data exfiltration logic, or prompt injection attempts, focusing entirely on audio processing and transcription workflows.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may download or process podcast media from links the user provides.
The skill may use downloader/transcription tooling on user-provided URLs or audio sources. This is expected for podcast summarization, but users should be aware that remote content may be fetched.
For YouTube: Use yt-dlp to extract audio - For URLs: Download if needed
Use trusted links and keep download/transcription steps tied to explicit user requests.
If the API option is used, the agent or CLI may rely on the user's OpenAI account credentials.
The reference document describes optional OpenAI API credential use for Whisper transcription. This is purpose-aligned, but the key can grant access to a user account and incur usage charges.
Set OPENAI_API_KEY environment variable
Use a limited API key where possible, monitor billing, and prefer local transcription for sensitive audio.
Package versions or package sources could change over time and affect the local environment.
The setup guidance asks users to install unpinned Python packages. These packages are relevant to the skill's purpose, but unpinned package installation leaves version and provenance decisions to the user.
pip install yt-dlp pip install openai-whisper pip install whisper
Install dependencies in a virtual environment, verify official package names, and pin versions if using the skill regularly.
Private or unpublished audio could be uploaded to an external provider if the user chooses the API transcription path.
The helper script prints an optional command that would send the selected audio file to OpenAI for transcription. The script does not run it automatically, but users should understand this external data flow.
openai audio transcriptions.create --file "$AUDIO_FILE" --model whisper-1
Confirm before using API transcription and use local Whisper for confidential recordings.