Video Intelligence
PassAudited by ClawScan on May 10, 2026.
Overview
The skill matches its stated video-transcription purpose, but users should notice that it can upload audio to OpenAI, uses an OpenAI API key, and documents an unpinned command-line tool install.
This skill appears safe for its stated purpose if you are comfortable using yt-dlp and, when captions are unavailable, sending video audio to OpenAI. Do not set OPENAI_API_KEY if you want to prevent external transcription uploads, and consider cleaning /tmp/video-intel after processing sensitive videos.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If captions are unavailable and an OpenAI API key is configured, the video's audio will leave the user's machine and be sent to OpenAI.
The skill clearly discloses an external provider flow for audio transcription when captions are unavailable.
the script **downloads the audio and uploads it to OpenAI's transcription API** (`https://api.openai.com/v1/audio/transcriptions`)
Only use this fallback for videos you are comfortable sending to OpenAI; leave OPENAI_API_KEY unset or use a local transcription model if you want to avoid external upload.
Using the fallback may consume OpenAI account quota or incur costs tied to the configured API key.
The script uses the user's OpenAI API key to authenticate transcription requests. This is purpose-aligned and not hardcoded or logged in the artifacts, but it is still account-authorized access.
-H "Authorization: Bearer $OPENAI_API_KEY"
Use a revocable API key, monitor usage, and unset OPENAI_API_KEY when you do not want this skill to call OpenAI.
Installing the latest remote binary without verification could expose the user to upstream or download-path supply-chain issues.
The documented setup fetches the latest executable directly from GitHub without a pinned version or checksum. It is user-directed and central to the skill, but users should verify the dependency.
curl -L https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp -o ~/bin/yt-dlp && chmod +x ~/bin/yt-dlp
Install yt-dlp from a trusted package manager or verify release provenance/checksums before running it.