Youtube Transcription Generator
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is purpose-aligned for transcribing YouTube videos, but users should notice that it requires local CLI setup, a VLM Run API key, downloading media, and sending video content to an external provider.
This skill looks benign for its stated purpose. Before installing or using it, be comfortable with installing vlmrun/yt-dlp, storing a VLMRUN_API_KEY in a local .env file, downloading YouTube media to disk, and uploading the downloaded media to VLM Run for transcription. Because the referenced script and requirements file are not included, prefer the manual commands or verify any missing files from a trusted source.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may download video/audio files and create transcript/output files on the user’s machine.
The skill directs the assistant to chain local CLI tools using a user-provided URL and output path. This is expected for the transcription workflow, but it still means commands can download media and write files.
User provides a **YouTube URL** ... Download the video ... with **yt-dlp**. Run: `vlmrun chat ... -i <downloaded_file> -o <output_dir>`.
Use a dedicated output folder, confirm the URL and destination before running commands, and avoid broad or sensitive output paths.
A VLM Run API key is needed and should be treated as a sensitive credential.
The skill requires a provider API key and instructs the assistant to check for it. This is purpose-aligned for VLM Run, but the registry metadata does not declare required env vars or a primary credential.
Ensure `.env` (or `.env.local`) contains `VLMRUN_API_KEY`.
Store the API key securely, do not paste it into chat, and ensure the assistant only checks whether it exists rather than displaying or copying its value.
The recommended scripted setup may not work as packaged, and users cannot inspect the referenced helper script in the supplied artifacts.
The instructions reference a requirements file and helper script, but the provided manifest contains only SKILL.md. The package-install and script-run steps are central to the stated purpose, yet the referenced files are not present for review.
`uv pip install -r requirements.txt` ... `python scripts/run_transcription.py "https://www.youtube.com/watch?v=VIDEO_ID" -o ./output`
Prefer the documented manual commands unless the missing script and requirements file are obtained from a trusted source and reviewed.
Video or audio content may be uploaded to an external transcription provider.
The workflow sends the downloaded video file to the VLM Run provider for transcription. This external processing is disclosed and purpose-aligned, but users should understand that media content leaves the local environment.
Transcribes the video with **vlmrun** (Orion visual AI) ... `vlmrun chat "Transcribe this video..." -i <downloaded_file> -o <output_dir>`.
Only process videos you are allowed to upload, and avoid using this workflow for private or sensitive media unless VLM Run’s data-handling terms are acceptable.