Skill v1.0.0
ClawScan security
YouTube Long Video Transcript · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:39 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The instructions require a DownSub API key (and even embed a bearer token) and ask the agent to spawn sub-agents and read/write transcript files, but the skill metadata declares no credentials or requirements — these inconsistencies are suspicious and should be checked before installing.
- Guidance: Do not install blindly. Key points to check before proceeding:
  - The SKILL.md requires a DownSub API key yet the registry metadata lists no credentials — confirm where/how you'll provide the API key and avoid pasting secrets into plain instructions. Prefer storing keys in your platform's secrets store.
  - The document embeds an Authorization header with a bearer token (starts with 'AIza...'); treat this as suspicious (possible accidental leak or placeholder). Do not assume the embedded token is valid or safe to use.
  - Verify that DownSub actually requires the type of key described and that the endpoint and Authorization scheme are legitimate (consider using official YouTube APIs or known services instead).
  - Note the skill asks the agent to spawn sub-agents and read/write transcript files; ensure you trust the agent runtime with those files and do not allow it to access unrelated files or credentials.
  - Clarify the contradictory instructions around 'zhiyan' and the recommended workflow (the SKILL.md has inconsistent guidance).
  - If you proceed, prefer giving the minimum required credential scoped appropriately, test with a small non-sensitive video, and monitor any network requests the agent makes.
Review Dimensions
- Purpose & Capability (concern): The skill's name/description (YouTube long-video transcription & translation) matches the SKILL.md workflow, but the metadata declares no required credentials or tools while the instructions explicitly require a DownSub API key and optional 'zhiyan' tool. The SKILL.md even embeds an Authorization header with a bearer token, which is inconsistent with the registry metadata and unexpected for a simple instruction-only skill.
- Instruction Scope (concern): Runtime instructions tell the agent to POST to https://api.downsub.com/download with a specific Authorization header (token-looking string starting with 'AIza...'), spawn sub-agents, read and slice large transcript files, append/write chunk files, and optionally call a 'zhiyan' MCP. The instructions contain contradictions (e.g., earlier 'Has zhiyan? → Can generate online docs' vs. spawn-task text 'Do NOT use zhiyan') and include a hard-coded credential in the document — both are red flags. The steps ask the agent to handle secrets and to spawn background processing, which broadens the surface area beyond a simple parser.
- Install Mechanism (ok): No install spec and no code files are present (instruction-only). This lowers the risk from disk-installed arbitrary code. However, being instruction-only means the SKILL.md itself is the primary security surface and must be trusted.
- Credentials (concern): The skill metadata lists no required environment variables or primary credential, yet the SKILL.md requires a DownSub API key and shows an Authorization header with a token pattern ('AIza...') typically associated with Google API keys. Requiring a bearer/API key is reasonable for a third-party service, but the metadata should declare it, and the embedded token in the instructions is problematic. The skill also asks the user to 'configure in secrets' with no guidance on scope or storage.
- Persistence & Privilege (ok): The skill does not request persistent installation or 'always' inclusion and does not ask to modify other skills or system-wide settings. It does instruct spawning sub-agents and writing local files (transcript chunks and merged outputs), which is expected for long-file processing but increases operational privileges at runtime; this is a normal but notable capability.
