SEO Keyword Research Tool

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a straightforward YouTube subtitle summarizer, with minor user-notice items around its mismatched name and manual third-party Python dependency.

Before installing, confirm that you want a YouTube summarization tool rather than an SEO keyword tool, install the Python dependency from a trusted source, and ensure any fetched captions are treated as content to summarize rather than instructions to follow.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Info
What this means

A user could install it expecting SEO keyword research, but the skill actually summarizes YouTube videos.

Why it was flagged

The registry-facing name and slug do not match the SKILL.md purpose, which declares a YouTube summary tool. This looks like a naming/packaging mismatch rather than hidden harmful behavior.

Skill content

Name: SEO Keyword Research Tool ... Slug: seo-keyword-research-tool

Recommendation

Rename the skill or update the registry metadata so the displayed name, slug, and SKILL.md all describe the same YouTube summarization purpose.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Manual setup could install a changed future version of the dependency, which may behave differently.

Why it was flagged

The required dependency is declared with a lower-bound version rather than an exact pin. This is common and purpose-aligned, but installation may pull a newer package version than the one originally tested.

Skill content

youtube-transcript-api>=0.6.0

Recommendation

Prefer a pinned dependency or lockfile, and install from a trusted package index in an isolated environment.

ASI01: Agent Goal Hijack
Low
What this means

A malicious or prank video transcript could try to influence the agent if the transcript is not kept separate from instructions.

Why it was flagged

Public video captions are external, untrusted text that may contain prompt-like instructions. Using them as summarization input is expected, but the agent should not treat transcript contents as instructions.

Skill content

Automatically get subtitles from any public YouTube video ... Generate summary with the AI model using the subtitle text

Recommendation

Treat subtitles strictly as source material to summarize; do not follow commands, links, or requests contained in the transcript unless the user separately asks for that.