Skill v0.1.3

ClawScan security

YouTube Transcript Fetcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 9, 2026, 5:45 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill does what it claims: a Python + yt-dlp based transcript fetcher that scrapes the YouTube watch page and uses the InnerTube player API as a fallback — nothing in the files requires unrelated credentials or unexpected system access.
Guidance
This skill appears internally consistent with its stated purpose, but consider the following before installing: (1) It scrapes YouTube and uses the extracted INNERTUBE_API_KEY to call youtubei endpoints — this is a pragmatic but scraping-like technique and may have ToS or legal implications for some uses. (2) Transcripts (potentially sensitive or copyrighted content) are fetched and written to disk (default /tmp); avoid running on private content you don't control and consider changing the output path. (3) The tool depends on yt-dlp and PyPI packages (requests, youtube-transcript-api); install those from trusted sources and review requirements.txt if you enforce supply-chain security. (4) If you want to minimize risk, run the skill in an isolated environment/container and inspect the script (scripts/youtube_transcript_fetcher.py) yourself — there are no obfuscated endpoints or hidden credentials in the provided files. If you need deeper assurance, provide the truncated portion of the script so it can be fully reviewed.

Review Dimensions

Purpose & Capability
ok: The name/description match the implementation: the code calls yt-dlp for channel/video listing and uses Python + requests to scrape YouTube and call the InnerTube player endpoint. Required binaries (python3, yt-dlp) and the listed Python dependencies are appropriate for the stated goal.
Instruction Scope
note: SKILL.md and README explicitly instruct fetching the watch page, extracting INNERTUBE_API_KEY, calling youtubei/v1/player with multiple client profiles, downloading caption XML, and returning transcript text. These steps are within the skill's purpose but do involve direct network calls to YouTube and user-agent/client spoofing to recover captions. The instructions do not ask the agent to read unrelated system files or environment variables.
Install Mechanism
ok: Install spec uses a standard brew formula for yt-dlp and a requirements.txt for pip. No arbitrary downloads or obscure install URLs are present. The pip dependencies (requests, youtube-transcript-api) are normal for this functionality; as always, vet PyPI packages if you require strict supply-chain assurance.
Credentials
ok: No environment variables, credentials, or config paths are requested. The tool only needs network access to YouTube and local ability to run yt-dlp and Python. There are no extra SECRET/TOKEN env requirements that would be disproportionate.
Persistence & Privilege
ok: The skill is not marked always:true and does not request to modify other skills or global agent settings. It is a runtime-invoked CLI/skill with no persistent privileged presence requested.