v1.0.1

Youtube Transcript Local

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:04 AM.

Analysis

The skill mostly matches its YouTube transcript purpose, but it can automatically install software at runtime and overstates its safety claims.

Guidance: Review before installing. Prefer installing yt-dlp yourself in a virtual environment, avoid automatic runtime package installation, choose a known output directory, and delete the transcripts/ output and .cache files if the processed video content is sensitive.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
extract.py
print("Installing yt-dlp...")
subprocess.check_call([sys.executable, "-m", "pip", "install", "yt-dlp"])

If yt-dlp is missing, the skill installs a package at runtime without a pinned version or separate install spec, which can unexpectedly modify the user's Python environment.

User impact: First use could download and install code from the Python package ecosystem, changing the local environment before the user realizes setup is happening.
Recommendation: Move dependency installation to an explicit user-approved setup step, declare yt-dlp as a required dependency, and pin or lock the package version.
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
extract.py
cmd = [
    self.yt_dlp_path,
    "--write-sub",
    "--sub-lang", lang,
    "--skip-download",
    "--convert-subs", "srt",
    "-o", str(output_template),
    url
]

The skill passes a user-provided URL to yt-dlp and writes subtitle files. This is central to the stated purpose and uses an argument list rather than shell interpolation, so it is a purpose-aligned note rather than a concern.

User impact: Invoking the skill can make network requests to YouTube and create local subtitle files.
Recommendation: Use it only for videos you intend to process, and review the selected output directory before running.
Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Concern
README.md
**Local, secure YouTube subtitle extraction tool** - no external API needed, no security risk

The documentation makes absolute 'no security risk' claims even though the artifacts show network-dependent yt-dlp use, local caching, and possible runtime package installation.

User impact: Users may over-trust the skill and overlook normal risks from dependency installation, network retrieval, and saved transcript/cache files.
Recommendation: Replace absolute safety claims with specific disclosures: it contacts YouTube through yt-dlp, may store local output/cache files, and should require explicit dependency installation.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
extract.py
self.output_dir = Path(output_dir) if output_dir else Path.cwd() / "transcripts"
self.cache_dir = Path(cache_dir) if cache_dir else Path.cwd() / ".cache"
...
json.dump(info, f, ensure_ascii=False, indent=2)

The skill persistently stores transcripts and video metadata locally. This is expected for transcript extraction, but it leaves a record of processed videos and retrieved content.

User impact: Video IDs, titles, metadata, and transcripts may remain on disk after use, which could matter on shared machines or shared workspaces.
Recommendation: Document the cache/output locations clearly and provide guidance for clearing or disabling cached metadata.