YouTube Transcript (yt-dlp captions)
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: youtube-transcript-yt-dlp
Version: 1.0.5
The skill bundle is suspicious due to the presence of fully implemented, but currently unused, functions (`_thirdparty_tubetranscript`, `_thirdparty_downsub`, `_thirdparty_noteey` in `scripts/yt_transcript.py`) designed to send YouTube video IDs to third-party transcript providers (yt-to-text.com, downsub.com, noteey.com). This directly contradicts explicit statements in `SKILL.md` that the published version 'does not call third-party transcript providers' and 'does not send video IDs/URLs to third-party transcript providers'. While these functions are not actively called in the current execution flow, their presence represents a latent capability for data exfiltration and a significant discrepancy between stated policy and code capabilities, raising trust concerns. The code otherwise implements good security practices like input validation and path allowlisting for cookies and cache.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or unexpected yt-dlp binary on PATH would run with the user's local privileges.
The skill depends on a local external binary and has limited provenance metadata. This is expected for a yt-dlp-based transcript tool, but the user should ensure the binary comes from a trusted source.
Source: unknown; Homepage: none; Required binaries: python3, yt-dlp; No install spec — this is an instruction-only skill.
Install yt-dlp from a trusted package source, keep it updated, and verify the PATH resolves to the intended binary.
Using the skill executes a local command and lets yt-dlp contact YouTube to retrieve caption metadata or files.
The script runs yt-dlp as a local subprocess. This is central to the skill's purpose, and the visible code builds argument lists rather than passing arbitrary text through a shell.
p = subprocess.run(cmd, ... timeout=timeout_s) ... cmd = ["yt-dlp", "-J", "--skip-download", "--no-warnings", "--ignore-no-formats-error"]
Use a trusted yt-dlp installation and avoid modifying the skill to pass through arbitrary user-supplied command-line flags.
If provided, cookies may allow the tool to access YouTube as the signed-in user for caption retrieval.
The skill can use YouTube/Google cookies for authenticated access. This is disclosed and optional, but cookies can represent account session authority.
The script supports `--cookies` / `YT_TRANSCRIPT_COOKIES`, but does **not** auto-load cookies from inside the skill directory. ... Cookies must be in **Netscape cookies.txt** format. Treat cookies as **secrets**.
Only provide cookies when necessary, store them with restrictive permissions, and avoid using broad or sensitive browser cookie exports unless you understand the account-access implications.
Requested transcripts and related identifiers may be recoverable from the local cache later.
The skill stores transcript results persistently. This is purpose-aligned, but it means video IDs and transcript text can remain on disk after use.
Cache results locally in **SQLite** for speed. ... Default cache DB: `{baseDir}/cache/transcripts.sqlite`
Delete or relocate the cache if the requested videos or transcript contents are sensitive.
A user might store YouTube session cookies in the skill directory despite earlier guidance to keep them outside it.
The documentation gives conflicting cookie-location guidance and claims the skill cache path is ignored by git/publish, which could confuse users about safe secret storage.
Store cookies under `~/.config/yt-transcript/`. ... Recommended local path (ignored by git/publish): `{baseDir}/cache/youtube-cookies.txt` (chmod 600)
Prefer the `~/.config/yt-transcript` location for cookies and clarify the documentation so cookie storage guidance is consistent.
