YouTube Watcher
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: youtube-watcher Version: 1.0.0 The OpenClaw skill 'youtube-watcher' is designed to fetch and clean YouTube video transcripts using the `yt-dlp` utility. The `SKILL.md` provides clear instructions for the agent, and the `scripts/get_transcript.py` script executes `yt-dlp` with specific arguments to download subtitles into a temporary directory, then cleans and prints the text. There is no evidence of data exfiltration, malicious execution beyond the intended use of `yt-dlp`, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. The behavior is fully aligned with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill's behavior depends on the installed yt-dlp tool, so a compromised or untrusted installation of that dependency could affect what runs locally.
The skill relies on installing an external yt-dlp package/binary. This is disclosed and purpose-aligned, but users should trust the package source they install from.
"requires":{"bins":["yt-dlp"]},"install":[{"id":"brew","kind":"brew","formula":"yt-dlp"...},{"id":"pip","kind":"pip","package":"yt-dlp"...}]Install yt-dlp only from trusted package managers or sources and keep it updated.
Using the skill will run yt-dlp locally and contact the video source for the URL provided.
The script executes the local yt-dlp binary with the user-provided URL to retrieve subtitles. This command execution is central to the skill and is not shell-interpolated.
cmd = ["yt-dlp", "--write-subs", "--write-auto-subs", "--skip-download", "--sub-lang", "en", "--output", "subs", url] subprocess.run(cmd, cwd=temp_dir, check=True, capture_output=True)
Use the skill only with video URLs you intend to process, and avoid relying on transcript content as trusted instructions.