TubeScribe
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or adversarial video transcript could potentially influence the generated summary and turn the audio-generation step into unintended local code execution.
The automated workflow tells the sub-agent to insert generated summary text into a Python code string and execute it. If transcript-influenced or malformed text contains triple quotes or Python syntax, it could break out of the string and run code under the user's account.
python3 -c "
text = '''YOUR SUMMARY TEXT HERE'''
with open('<temp_dir>/tubescribe_<video_id>_summary.txt', 'w') as f:
    f.write(text)
"
Do not put untrusted/generated text inside python -c code. Write the temp file using a safe data channel, such as JSON-escaped literals, stdin, a dedicated script argument, or a Python helper that reads from a file created without code templating.
A crafted input could make the agent run a broader command than intended, or at minimum cause local network/file actions before the user has reviewed the exact command.
The runtime instructions put a user-supplied URL into a shell command and tell the agent to run the pipeline immediately in a background sub-agent. Script-side URL validation would not protect the shell command itself if the agent copies unsafe characters into the command.
Spawn sub-agent with the full pipeline task immediately ... python3 skills/tubescribe/scripts/tubescribe.py "{youtube_url}"
Validate and strictly extract the YouTube video ID before building shell commands, use argument-safe tool calls instead of shell templates, and require confirmation before running the full background pipeline.
Users may believe no external model or service can see the video transcript/comments, when the workflow may expose that content to the agent/model provider.
The README simultaneously claims no data is uploaded and describes transcript analysis by a Claude sub-agent. Depending on the user's agent setup, transcript, URL, and comment data may enter a model/sub-agent context rather than staying purely local.
"No data is uploaded anywhere." ... "Speaker detection and transcript analysis (Claude sub-agent, same as your main agent)"
Clarify exactly what data is sent to the main agent/sub-agent/model provider, distinguish local TTS/document generation from model-based summarization, and avoid absolute 'no upload' claims unless they are true for all supported runtimes.
Installing optional components expands trust to Homebrew, PyPI, GitHub release assets, and model packages.
The optional setup path downloads and installs third-party tools/models from external package and release sources. This is disclosed and purpose-aligned, but the artifacts do not show pinned hashes or reproducible provenance.
setup.py ... offers to install any missing ones. It only downloads from official sources (Homebrew, PyPI, GitHub releases).
Run setup only when needed, review prompts before approving installs, and prefer pinned versions/checksums for downloaded binaries and packages.
Video URLs, transcripts, metadata, and comments may be visible to the agent workflow used to create summaries.
The workflow delegates transcript/source JSON processing to a sub-agent. That is central to the skill, but users should understand that video metadata, transcript text, and comments are placed into an agent/sub-agent context.
Spawn ONE sub-agent that does the entire pipeline ... Step 2: Read source JSON ... Step 3: Create formatted markdown
Disclose the sub-agent/model data boundary clearly and avoid processing confidential video material unless the user is comfortable with the agent provider handling it.
The skill may continue fetching from YouTube and writing output files while the user keeps chatting.
The skill intentionally uses a long-running background sub-agent. This is disclosed, scoped to the TubeScribe task, and has cleanup configured, but it means work continues after the initial response.
Non-Blocking Workflow — Conversation continues while video processes in background ... runTimeoutSeconds=900, cleanup="delete"
Provide visible status/cancel controls and make sure users know when a background job is running.
