Skill v4.1.2

ClawScan security

YouTube SkillForge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 11:51 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's declared behavior, required tools, and runtime instructions are internally consistent with its purpose of turning YouTube videos into local skill files, but the package source is undocumented and you should verify the npm package before installing.
Guidance
The skill appears coherent for turning YouTube content into local skill files, but before you install: 1) Verify the npm package publisher and view the package source (check for unexpected postinstall scripts or network calls). 2) Confirm you trust the package owner — registry metadata has no homepage/source URL. 3) Expect the CLI to create ~/.skillforge/ (it says it will prompt for consent) — inspect that directory and its files after first run. 4) Understand that transcript synthesis uses whatever LLM keys your agent already has (e.g. ANTHROPIC_API_KEY); the skill doesn't ask for new credentials but will rely on existing agent-provider credentials. 5) Prefer installing yt-dlp from a trusted package manager (Homebrew) and consider running the CLI in a sandboxed environment initially. If you want higher assurance, request the skill's source code or an official homepage before adding it to production agents.

Review Dimensions

Purpose & Capability
ok: The skill converts YouTube videos into skill files; requiring yt-dlp and offering a node CLI is appropriate and proportional. The listed binaries and install steps align with the stated purpose.
Instruction Scope
note: SKILL.md stays mostly within scope: it documents writing only to ~/.skillforge (with a consent prompt), rebuilding a local SQLite index, and running an MCP stdio server. It also notes that it uses whatever LLM the host agent already has configured (e.g. ANTHROPIC_API_KEY) — this is plausible but worth noting because the skill will rely on the agent's provider credentials even though it doesn't request them directly.
Install Mechanism
note: Install spec uses an npm package (youtube-skillforge) and Homebrew formula for yt-dlp, both reasonable. However, the registry metadata lists no homepage/source URL and the skill's registry owner is opaque; you should verify the npm package publisher and any postinstall scripts before installing.
Credentials
note: The skill declares no required env vars and doesn't ask for credentials. It will, however, invoke the host agent's configured LLM (which may require provider keys already present in the agent environment). That use is consistent with the described behavior, but users should be aware their agent's provider keys may be used to synthesize transcripts.
Persistence & Privilege
ok: always:false (not force-included) and the skill writes only to its own folder (~/.skillforge/) per the docs. It runs as a subprocess over stdio and does not require network-facing servers. These privileges are reasonable for the stated functionality.