Tóm tắt Video YouTube (Jaskies)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s behavior matches its YouTube transcript summarization purpose, with only user-directed setup and command-use notes to review.
This appears safe for its stated purpose. Before installing, make sure you trust the package sources for yt-dlp and ffmpeg, and expect the skill to run a local script that fetches subtitles for the video URL you provide.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing these tools changes the local environment and relies on trusted package repositories.
The skill asks the user to install external packages through apt and pip. This is expected for YouTube subtitle extraction, but it depends on the user’s package sources and is not pinned in the artifact.
sudo apt update && sudo apt install -y ffmpeg python3 -m pip install -U yt-dlp
Install yt-dlp and ffmpeg from trusted sources, consider using a virtual environment for pip, and verify the commands before running them.
Using the skill will contact the video service and run yt-dlp locally for the provided URL.
The script invokes yt-dlp on a user-supplied URL to retrieve subtitles. The argument is quoted and this use is central to the skill’s purpose, but it is still a local command that performs network access.
yt-dlp --skip-download --write-auto-subs --sub-lang "vi,en" --convert-subs vtt -o "$OUTPUT_DIR/sub" "$URL"
Use the skill only with video links you intend to process, and keep yt-dlp updated from a trusted source.