YouTube Shorts 자동 생성
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s YouTube Shorts purpose is clear, but it depends on unreviewed external code and includes automated YouTube upload/account actions that are not clearly scoped.
Before installing, inspect the external GitHub repository and setup script, run it in an isolated environment, and do not allow YouTube upload until you have reviewed the final video and understand the required account permissions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the skill may execute code and dependencies that were not reviewed in this package.
The submitted skill contains only SKILL.md, but it requires cloning an unpinned external repository and running a setup script that was not included in the scan.
소스코드 전체가 필요합니다. GitHub에서 클론하세요: git clone https://github.com/kangjjang/youtube-shorts-skill.git ... bash scripts/setup.sh
Inspect the GitHub repository and setup script before running, pin a specific commit or release, and prefer a packaged version that includes reviewed source and dependency lockfiles.
If run with account access, the agent could upload generated videos or metadata to YouTube before the user has reviewed the final result.
This documents a workflow that can automatically select/generate content and upload it, but the artifact does not state a required final review or confirmation boundary before upload.
| 자동 선택 + 비공개 업로드 | `python main.py --auto --upload` |
Use generation-only commands first, require explicit user approval before any upload, and show the final video, title, description, and privacy setting before posting.
A user may grant YouTube account access without knowing what scopes are needed, where tokens are stored, or how uploads are controlled.
The skill advertises YouTube upload but only documents the Gemini API key requirement; it does not explain YouTube credential/OAuth scopes, token storage, or account permission boundaries.
description: "... → YouTube 업로드" ... 필수 환경변수 - `GEMINI_API_KEY`: Gemini API 키
Document YouTube authentication requirements, requested scopes, token storage/revocation steps, upload privacy defaults, and require least-privilege authorization.
The setup can modify the local environment and install packages on the user’s machine.
Bash, Python, Node, and package installation are expected for this video-generation workflow, but they still execute local setup and dependency code.
allowed-tools: Bash, Read, Write, Glob, Grep ... source .venv/bin/activate ... pip install -r requirements.txt
Run the skill in a dedicated directory or sandboxed environment, inspect requirements before installation, and avoid running it with elevated privileges.