Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Podcasts

Track and synthesize podcasts with subscriptions, briefings, progress tracking, and smart alerts for new episodes and guests.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 534 · 0 current installs · 0 all-time installs
by Iván @ivangdavila
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (track and synthesize podcasts) matches the instructions to subscribe, summarize, and manage a backlog. However, the SKILL.md explicitly lists external tools and data sources (yt-dlp, Whisper, Apple transcripts, Taddy/Podcast Index) that a real implementation would likely need; the skill metadata lists no required binaries, installs, or credentials, which is inconsistent with those stated needs.
!
Instruction Scope
Instructions direct the agent to download/obtain transcripts and audio (yt-dlp, Whisper, YouTube auto-captions) and to monitor 'any podcast' for VIP guests and trending content. That can require broad network access, repeated downloads, and scraping of multiple platforms. The instructions also mandate writing summarized data and transcripts to ~/podcasts/, which is a clear local storage behaviour the user should know about. There is no guidance about rate limiting, frequency, or consent for downloading content.
Install Mechanism
This is an instruction-only skill (no install spec), which is low risk in itself. But because the SKILL.md assumes tools like yt-dlp and Whisper are used, the lack of declared required binaries or an install method is an inconsistency: the agent may fail at runtime or implicitly rely on preinstalled third-party tooling from unknown sources.
!
Credentials
The skill declares no required environment variables or credentials, yet references services (Apple transcripts, Podcast Index, third-party services named 'Taddy') that commonly require API keys or credentials. The SKILL.md does not describe what credentials (if any) are needed, where they should be stored, or whether private keys/tokens will be used—this is disproportionate opacity for a skill that interacts with third-party APIs and downloads content.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It instructs storing files under ~/podcasts/ (subscriptions.md, queue.md, briefings/, knowledge.md, guests.md). Local persistence limited to a dedicated directory is normal, but the user should be aware transcripts and possibly full episode audio may be saved there. The skill does not declare modifying other skills or system settings.
What to consider before installing
This skill appears to do what it says (subscribe, summarize, prioritize), but it also relies on downloading audio/video and creating transcripts from multiple sources. Before installing or enabling it, check the following:
- Confirm whether the agent environment already has yt-dlp, Whisper (or other transcription tools), and whether you trust their installation sources; if not, ask the author how they expect those tools to be provided.
- Ask what third-party APIs are used (Podcast Index, Apple, Taddy, YouTube) and whether API keys are required; never supply credentials unless you understand why and how they will be stored and used.
- Be aware the skill will write data under ~/podcasts/ (transcripts, briefings, guest watchlists). Decide if you are comfortable storing potentially copyrighted audio and auto-generated transcripts locally and confirm how to delete that data.
- Clarify how often the skill will scan/download content and whether it will monitor 'all podcasts' automatically—this impacts bandwidth, rate limits, and privacy.
- If you proceed, prefer installing required tools (yt-dlp, Whisper) from official project sources, and limit credentials to least privilege.

If the author cannot explain the missing dependency/credential declarations, treat the skill cautiously or avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest: vk9722mbsga7860qtvqkb2ysbcn810gbt

SKILL.md

Core Behavior

  • User mentions a podcast → add to subscriptions, track new episodes
  • User asks "what's new?" → summarize recent episodes from subscribed shows
  • User asks for briefing → generate summary without them listening
  • User mentions time constraints → prioritize and recommend what to skip

Workspace

Store podcast data in ~/podcasts/:

~/podcasts/
├── subscriptions.md   # Shows I follow
├── queue.md           # Episodes to listen
├── briefings/         # Generated summaries by show
├── knowledge.md       # Extracted insights (learner mode)
└── guests.md          # VIP guest watchlist

Quick Commands

| User Says | Agent Does |
|---|---|
| "I follow Lex Fridman" | Add to subscriptions |
| "Summarize latest Huberman" | Generate episode briefing |
| "What should I listen to?" | Prioritize queue by time available |
| "Did Naval appear anywhere?" | Check guest across all podcasts |
| "I finished episode X" | Mark complete, update progress |
| "Too many episodes" | Suggest what to skip, create catch-up plan |

Load Reference

| Situation | File |
|---|---|
| Generating briefings, summaries | briefings.md |
| YouTube video podcasts, clips | youtube.md |
| Learning mode, knowledge extraction | learning.md |
| Discovery and recommendations | discovery.md |

Files

5 total