Skill v3.0.0

ClawScan security

Youtube Podcast Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 17, 2026, 5:16 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and requested credentials are coherent with its stated purpose (converting YouTube transcripts into multi-voice podcasts using Gemini and OpenAI TTS); no obvious mismatch or hidden exfiltration was found.
Guidance
This skill appears to do what it says, but review and follow these precautions before installing:
- Run it locally and keep the server bound to 127.0.0.1 as provided; do not expose the port to the network or internet.
- Ensure you have Node (check package-lock engine hints — Node >=20 may be required), npm, and ffmpeg installed from trusted sources.
- Store GEMINI_API_KEY and OPENAI_API_KEY in the skill's .env as instructed; if you paste keys into the web UI they are kept in browser memory to send to the local server — clear them and use the Reset/Delete UI button when done.
- Be aware that /api/transcribe is unauthenticated (it creates transcripts) while other endpoints require keys; avoid running this on systems where unauthenticated local access is a concern.
- Because the server serves downloads from a local folder, double-check host binding and firewall rules to prevent accidental exposure.
- Optionally review the included source (index.js and public/*) yourself or run it in an isolated environment (container or VM) before using real API keys.
- The declared requirement for curl appears unnecessary; that alone is not harmful but points to a small metadata mismatch.

Review Dimensions

Purpose & Capability
Status: ok
Name/description match the actual code and runtime behavior: the server transcribes YouTube, calls Gemini (@google/genai) to draft scripts, and uses OpenAI for TTS plus FFmpeg to produce audio. Required binaries (node, npm, ffmpeg) and env vars (GEMINI_API_KEY, OPENAI_API_KEY) are appropriate. Minor note: curl is declared as required but the included code does not call curl, so that entry appears unnecessary.
Instruction Scope
Status: note
SKILL.md instructs running npm install, placing keys in a .env, and starting a local server — exactly what the code expects. The server binds to 127.0.0.1 and uses a downloads folder under the skill directory. Items to watch: the /api/transcribe endpoint does not require an API key (this is reasonable for fetching YouTube transcripts but means transcript creation is unauthenticated), and the server exposes downloads via express.static('/downloads') — safe while bound to localhost but could leak files if the host binding is changed. The SKILL.md also suggests safe shutdown using a tracked PID file; index.js writes .podcaster.pid as described.
Install Mechanism
Status: ok
There is no automated install spec (install steps are manual: npm install then npm start). Dependencies are standard npm packages pulled from the registry (package-lock shows npm registry URLs). No downloads from arbitrary servers or URL shorteners were used. Note: some dependencies declare engine requirements (e.g., node >=20) — users should ensure an appropriate Node version before installing.
Credentials
Status: ok
The skill only requests two API keys (GEMINI_API_KEY and OPENAI_API_KEY), which are directly used by the Gemini and OpenAI client libraries in the code. The code also accepts keys via request headers for browser-driven usage (x-api-key, x-openai-key) — consistent with the front-end design. No unrelated credentials or system secrets are requested.
Persistence & Privilege
Status: ok
The skill declares always: false and does not request permanent platform-wide privileges. It writes a PID file and creates a downloads directory inside its own folder; it does not modify other skills or global agent settings. The server runs locally and includes rate limiting and a garbage collector for session cleanup.