Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

YouTube Summarizer

v1.0.0

Automatically fetch YouTube video transcripts, generate structured summaries, and send full transcripts to messaging platforms. Detects YouTube URLs and provides metadata, key insights, and downloadable transcripts.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill's name/description match the instructions: it fetches transcripts, summarizes, saves transcripts, and can send files to messaging platforms. However it requires an external MCP server and heavily assumes a Clawdbot environment (message CLI) and specific filesystem layout (/root/clawd). Those assumptions are not declared as required binaries/config and are disproportionate compared to a simple summarizer.
Instruction Scope
SKILL.md instructs the agent to git-clone/build a third-party repo, run Node code to fetch transcripts, write files under /root/clawd/transcripts and /tmp, and invoke a 'message' CLI to send files. It also suggests the MCP server uses Android client emulation to bypass YouTube cloud IP blocking — an operational behavior that bypasses platform protections and could have policy/legal implications. The instructions permit automatic installation in unspecified contexts, which grants the agent broad discretion to execute network operations and install code.
Install Mechanism
There is no formal install spec for the skill itself; SKILL.md includes commands to git clone https://github.com/kimtaeyoon83/mcp-server-youtube-transcript.git and run npm install/npm run build. Cloning and executing an unvetted third-party repository is a moderate-to-high risk operation (even though the source is a GitHub repo). The skill will execute JavaScript from that repo (node -e import './dist/youtube-fetcher.js'), which runs arbitrary code on the host.
Credentials
The skill declares no required env vars or binaries, but in practice it depends on Node.js, Clawdbot's 'message' CLI, and write access to /root/clawd and /root/clawd/transcripts. It also assumes permission to create directories under /root and to run git/npm. CHAT_ID/Telegram credentials are referenced but not declared; the skill fails to document the messaging credentials or tools it requires, which is inconsistent with its behavior and increases risk.
Persistence & Privilege
always: false, and autonomous invocation is allowed (the default). The skill writes persistent transcript files under /root/clawd/transcripts and may install/maintain the MCP server under /root/clawd — persistent filesystem changes are expected for this functionality, but the hard-coded root paths and implied ability to install software are noteworthy and should be constrained or sandboxed.
What to consider before installing
Before installing or enabling this skill, consider the following: (1) The skill requires cloning/building a third-party repository and will execute its code — review https://github.com/kimtaeyoon83/mcp-server-youtube-transcript thoroughly before running. (2) The MCP approach explicitly uses Android-client emulation to bypass YouTube cloud IP restrictions — this may violate platform terms or attract additional risk. (3) The skill assumes Node.js, a 'message' CLI (Clawdbot), and write access to /root/clawd and /root/clawd/transcripts, but these are not declared — verify what messaging credentials (e.g., Telegram token/CHAT_ID) and binaries are required. (4) Prefer running this in a sandboxed/isolated environment (dedicated VM or container) rather than on a shared host or as root; change hard-coded /root paths to a controlled directory. (5) If you need lower risk, ask the author for: explicit list of required binaries/env vars, ability to run with non-root paths, and a justification for the MCP server approach or an alternative that uses official APIs. Given the external code execution, do not enable automatic install or give this skill elevated privileges without manual review.

