Skill v1.0.1
ClawScan security
Idea Vault · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 5, 2026, 4:55 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and required credential align with its stated purpose (capturing links/notes and optionally fetching YouTube transcripts); nothing requested or installed appears disproportionate or unexplained.
- Guidance: This skill appears to do what it claims: capture chat drops and optionally fetch YouTube transcripts. Before installing: (1) confirm you are comfortable with outbound requests to YouTube and transcriptapi.com (the transcript API key is used for TranscriptAPI); (2) pick a safe VAULT_DIR and avoid storing sensitive private chat content there; (3) keep API keys in environment variables and out of commits; (4) review that downloading attachments (the script can save assets) fits your security policy; and (5) if you rely on yt-dlp, ensure that binary and any cookies you provide are trustworthy. The transcript API key being marked as primary in metadata but described as "recommended" in docs is a minor documentation mismatch; clarify whether the key is mandatory for your use case.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual capabilities: extracting captures from chat, fetching YouTube transcripts, saving markdown entries and an index. Required binary (python3) and the transcript API key (IDEA_VAULT_TRANSCRIPTAPI_KEY) are expected for this functionality. Minor inconsistency: SKILL.md calls the transcript API key "strongly recommended" while registry metadata marks it as the primaryEnv, but this is a small documentation mismatch rather than a functional mismatch.
- Instruction Scope (ok): Runtime instructions are narrowly scoped to: reading recent chat messages (provided to the extractor via stdin/messages.json), fetching transcripts from YouTube/TranscriptAPI, creating local files under a vault directory, and optionally downloading attachments. The SKILL.md explicitly warns about external network calls and does not instruct reading unrelated system files or secrets.
- Install Mechanism (ok): There is no automatic install step in the registry (user runs pip install -r requirements.txt). The requirements are minimal (requests). No remote, untrusted archives or opaque installers are fetched by the install process declared in the skill; only user-invoked package installation is recommended.
- Credentials (note): The skill declares a single primary credential (IDEA_VAULT_TRANSCRIPTAPI_KEY) which maps to the TranscriptAPI calls; other optional env vars (e.g., IDEA_VAULT_DIR, YTDLP-related vars) are mentioned but not required. This is generally proportionate, though the metadata/README wording about which vars are required vs. recommended is slightly inconsistent and should be clarified before deployment.
- Persistence & Privilege (ok): always:false and no code indicates modification of other skills or system-wide settings. The skill writes to a local vault directory (user-configurable) and caches transcripts; this is expected behavior and limited in scope.
