Idea Vault
Security checks across malware telemetry and agentic risk
Overview
The skill mostly matches its local idea-vault purpose, but it deserves review because it can optionally use a yt-dlp cookies file and makes network calls while saving chat-derived content.
Install only if you are comfortable with a local vault retaining saved chat notes and with disclosed calls to YouTube, TranscriptAPI, and captured URLs. Be especially careful with `IDEA_VAULT_YTDLP_COOKIES`: leave it unset unless needed, and never point it at broad browser session data without understanding the consequences.
VirusTotal
64 of 64 vendors reported this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user configures a browser or account cookie file, transcript fetching may run with the user's logged-in identity and could expose sensitive session material if mishandled.
The documented optional cookie setting suggests the skill can be configured to use a yt-dlp cookies file. Cookie files can contain account/session credentials, but the artifacts do not clearly explain which cookies are expected, when they are used, or how that session data is bounded.
Optional:
- `IDEA_VAULT_YTDLP_BIN`
- `IDEA_VAULT_YTDLP_COOKIES`
Do not set the cookies option unless necessary. If used, provide a minimal YouTube-only cookie export and avoid broad browser profile/session files. The skill author should declare this optional credential path and document exact handling and scope.
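To act on the "minimal YouTube-only cookie export" recommendation above, here is an added example (not part of the Idea Vault skill or of the ClawScan report) that takes a full browser cookies.txt export, keeps only cookies scoped to youtube.com, and writes the result with owner-only permissions so it can be referenced from `IDEA_VAULT_YTDLP_COOKIES`. It assumes the Netscape cookies.txt layout that yt-dlp reads (seven tab-separated fields, with the `#HttpOnly_` prefix convention); the sample export, its cookie names and values are constructed for the demo.

```python
"""Reduce a full browser cookies.txt export to a YouTube-only file for yt-dlp.

Added example for this review, not code from the Idea Vault skill. Assumes the
Netscape cookies.txt format: domain, include-subdomains flag, path, secure flag,
expiry, name, value (tab-separated). Lines beginning with "#HttpOnly_" are real
cookies flagged HttpOnly, not comments, and are filtered like any other cookie.
"""
import os
import tempfile
from pathlib import Path

FIELDS = 7
HTTPONLY_PREFIX = "#HttpOnly_"

# Constructed sample export; values are placeholders, not real session data.
SAMPLE_EXPORT = """# Netscape HTTP Cookie File
# constructed sample for the demo
.youtube.com\tTRUE\t/\tTRUE\t1999999999\tprefs\tplaceholder
#HttpOnly_.youtube.com\tTRUE\t/\tTRUE\t1999999999\tauth\tPLACEHOLDER
.example-bank.test\tTRUE\t/\tTRUE\t1999999999\tsession\tPLACEHOLDER
.google.com\tTRUE\t/\tTRUE\t1999999999\ttracking\tPLACEHOLDER
not-a-cookie-line
"""


def _domain_allowed(domain: str, allowed_suffixes) -> bool:
    """Match the cookie domain (leading dot stripped) against allowed suffixes."""
    host = domain.lstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in allowed_suffixes)


def filter_cookie_lines(lines, allowed_suffixes=("youtube.com",)):
    """Return (kept_lines, kept_cookies, dropped_cookies).

    Comment and blank lines are carried over unchanged; every cookie line is kept
    only if its domain is within allowed_suffixes. Malformed lines are dropped,
    never copied, so nothing unexpected reaches the reduced file.
    """
    kept, kept_cookies, dropped = [], 0, 0
    for raw in lines:
        line = raw.rstrip("\n")
        is_httponly = line.startswith(HTTPONLY_PREFIX)
        if not line.strip() or (line.startswith("#") and not is_httponly):
            kept.append(line)
            continue
        fields = line.split("\t")
        if len(fields) != FIELDS:
            dropped += 1
            continue
        domain = fields[0][len(HTTPONLY_PREFIX):] if is_httponly else fields[0]
        if _domain_allowed(domain, allowed_suffixes):
            kept.append(line)
            kept_cookies += 1
        else:
            dropped += 1
    return kept, kept_cookies, dropped


def write_minimal_cookies(src: Path, dst: Path, allowed_suffixes=("youtube.com",)):
    """Filter src into dst, creating dst owner-only (0600) from the start."""
    with open(src, encoding="utf-8") as f:
        kept, kept_cookies, dropped = filter_cookie_lines(f.readlines(), allowed_suffixes)
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write("\n".join(kept) + "\n")
    return kept, kept_cookies, dropped


def cookie_file_is_private(path: Path) -> bool:
    """True when no group/other permission bits are set (POSIX semantics)."""
    return (path.stat().st_mode & 0o077) == 0


def demo_roundtrip():
    """Run the filter on the constructed sample; returns (kept, dropped, private)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "browser-export.txt"
        dst = Path(tmp) / "youtube-only-cookies.txt"
        src.write_text(SAMPLE_EXPORT, encoding="utf-8")
        _, kept_cookies, dropped = write_minimal_cookies(src, dst)
        return kept_cookies, dropped, cookie_file_is_private(dst)


if __name__ == "__main__":
    kept_cookies, dropped, private = demo_roundtrip()
    print(f"kept {kept_cookies} youtube.com cookie(s), dropped {dropped}, private={private}")
    print("point IDEA_VAULT_YTDLP_COOKIES at the reduced file, not at the browser export")
```

Run it on a real export by replacing the sample with `write_minimal_cookies(Path("browser-export.txt"), Path("youtube-only-cookies.txt"))`; the reduced file is the one to name in `IDEA_VAULT_YTDLP_COOKIES`, and the original export should not stay next to it.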
Vaulting a link can reveal that URL or video lookup to YouTube, TranscriptAPI, or the linked source site.
The skill discloses that captured URLs and YouTube transcript workflows can trigger outbound requests. This is expected for a link/transcript vault, but users should be aware that saving a link may contact external services.
This skill can make outbound network calls to:
- `youtube.com` ...
- `transcriptapi.com` ...
- source/asset URLs included in captured messages
Avoid using the skill for sensitive private links or notes unless you are comfortable with the disclosed network calls. Consider confirming before fetching arbitrary captured asset URLs.
Future installs may get a newer dependency version than the author tested.
The skill asks users to install a Python dependency with a lower-bound version rather than an exact pin or lockfile. This is common and purpose-aligned, but it leaves the exact installed package version to the environment at install time.
requests>=2.31.0
Install in a virtual environment and prefer pinned versions or a lockfile if reproducibility matters.
Saved notes and transcripts may remain searchable on disk after the chat ends.
The skill intentionally persists chat-derived notes, links, transcripts, and an index for later search. This is the core function, but it creates retained local context that could include sensitive user content.
1) Read recent messages in the current chat.
...
5) Upsert into vault
...
Under `VAULT_DIR`:
- `entries/...`
- `transcripts/...`
- `index.json`
- `_cache/`
Set `IDEA_VAULT_DIR` to a private location, review saved entries, and avoid vaulting secrets or sensitive private chat content.
