Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Yt Assemblyai Monitor

v1.0.1

YouTube channel monitor and video transcription using AssemblyAI cloud API. Pure Python + requests only — no ffmpeg, no Whisper, no extra tools needed. Monit...

by 大佬的鼠DonRat @azazlf09

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for azazlf09/yt-assemblyai-monitor.

Install the skill "Yt Assemblyai Monitor" (azazlf09/yt-assemblyai-monitor) from ClawHub.
Skill page: https://clawhub.ai/azazlf09/yt-assemblyai-monitor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install yt-assemblyai-monitor

ClawHub CLI

npx clawhub@latest install yt-assemblyai-monitor

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
The skill's stated purpose is YouTube monitoring + AssemblyAI transcription, which matches the code's behavior. However, the registry metadata declares no required environment variables or primary credential, while the SKILL.md and monitor.py require an ASSEMBLYAI_API_KEY (or data/config.json). The metadata is therefore inconsistent with the code; the credential requirement should have been declared in the skill metadata.
Instruction Scope
Instructions and code confine activity to fetching YouTube pages, extracting audio URLs via the innertube API, and submitting those URLs to AssemblyAI. The skill reads/writes files inside its own data/ directory (channels.json, processed.json, summaries, config.json). It does not attempt to read other system files or unrelated environment variables. It does, however, offer to store the API key in plaintext at data/config.json, which raises disclosure risk if the host environment is shared.
Install Mechanism
There is no install spec — the skill is instruction/code-only and uses only the requests library. Nothing is downloaded or executed from external, arbitrary URLs during install.
[!] Credentials
The skill requires an AssemblyAI API key to function (documented in SKILL.md and enforced in code) but the registry metadata does not declare this required credential. Requesting an API key for the service being used is reasonable, but storing it in a local plaintext config file is risky. Additionally, the code contains a hard-coded INNERTUBE_API_KEY fallback (a Google API key string) — using or exposing a fallback API key is unusual and may be inappropriate.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. It writes only to its own data/ directory and does not modify other skills or system-wide settings.
What to consider before installing
This skill appears to perform the advertised YouTube→AssemblyAI workflow, but there are two issues to consider before installing: (1) the registry metadata does NOT list the AssemblyAI API key requirement despite the SKILL.md and code requiring ASSEMBLYAI_API_KEY — provide the key only if you trust and understand the billing/usage implications; (2) the code includes a hard-coded innertube API key fallback (a Google API key string) and suggests storing your AssemblyAI key in data/config.json (plaintext) — prefer using the ASSEMBLYAI_API_KEY environment variable rather than a config file to reduce accidental exposure. Also note the provided scripts/monitor.py in the package snapshot is truncated, so the audit is incomplete; you should inspect the full source before running. Recommended actions: review the full monitor.py, run the script in a sandbox or isolated environment, avoid committing config.json to version control, and monitor your AssemblyAI account for unexpected usage after enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

latest vk97bb698zd5jxv0nmxp2teswxn83j04w
133 downloads
0 stars
2 versions
Updated 1mo ago
v1.0.1
MIT-0

YouTube Channel Monitor (AssemblyAI)

Monitor YouTube channels and auto-transcribe new videos using AssemblyAI cloud API. Zero local dependencies beyond requests.

Prerequisites

  1. AssemblyAI account: https://www.assemblyai.com/app/signup (free, 100 hours/month)
  2. API Key: from Dashboard
  3. requests library (usually pre-installed with OpenClaw/Python)

Setup API Key

Choose one:

# Option A: environment variable
export ASSEMBLYAI_API_KEY="your-key"

# Option B: config file
echo '{"api_key": "your-key"}' > data/config.json
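
A pre-flight check for the two key-storage options above, given as an added example (not part of the skill or its monitor.py). It assumes a POSIX host; `resolve_api_key` and its "environment variable wins" precedence are hypothetical, while `ASSEMBLYAI_API_KEY`, `data/config.json` and the `api_key` field come from this page.

```python
import json
import os
import stat
import tempfile
from pathlib import Path


def resolve_api_key(env, config_path):
    """Return (key, source, warnings). The environment variable wins over the file."""
    warnings = []
    path = Path(config_path)
    file_key = None
    if path.is_file():
        # POSIX permission bits: any group/other access exposes the plaintext key
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            warnings.append(f"{path} is accessible to group/other (mode {mode:04o}); "
                            "chmod 600 it or delete it")
        try:
            file_key = json.loads(path.read_text()).get("api_key") or None
        except (ValueError, AttributeError):
            warnings.append(f"{path} is not a JSON object with an api_key field")
    env_key = env.get("ASSEMBLYAI_API_KEY") or None
    if env_key:
        if file_key:
            warnings.append(f"key also stored in {path}; the copy on disk is redundant")
        return env_key, "env", warnings
    if file_key:
        return file_key, "config", warnings
    return None, "missing", warnings


if __name__ == "__main__":
    # Constructed sample: a throwaway config file with a made-up key, mode 0644
    sample = Path(tempfile.mkdtemp()) / "config.json"
    sample.write_text(json.dumps({"api_key": "constructed-sample-key"}))
    os.chmod(sample, 0o644)
    key, source, notes = resolve_api_key({}, sample)
    print(source, notes)  # the key itself is deliberately not printed
```
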

How It Works

Channel page → innertube API → audio direct URL → AssemblyAI cloud → text + summary

No local audio download, no Whisper, no ffmpeg. AssemblyAI handles everything server-side.

Commands

# Transcribe a single video
python3 scripts/monitor.py now "https://www.youtube.com/watch?v=VIDEO_ID"

# Add a channel to monitor
python3 scripts/monitor.py add "https://www.youtube.com/@ChannelName/videos" "Alias"

# Check all channels for new videos + transcribe
python3 scripts/monitor.py check [count_per_channel]

# List channels
python3 scripts/monitor.py list

# Remove channel
python3 scripts/monitor.py remove "Alias"

Important Notes

  • Audio URL extraction uses YouTube's innertube API (pure requests).
  • Works on normal residential IPs. Datacenter IPs may get blocked by YouTube.
  • If audio URL extraction fails with UNPLAYABLE, the IP may be flagged — this is a YouTube limitation, not a bug.
  • Free tier: 100 hours/month of transcription.
  • Transcription takes ~70-80% of video duration.
  • Results saved to data/summaries/{video_id}.json.

Output Format

Each result includes:

  • text: full transcription
  • summary: AI-generated paragraph summary
  • confidence: transcription confidence score
  • utterances: timestamped segments with speaker labels

Files

Path                    Purpose
data/channels.json      monitored channels
data/processed.json     already-transcribed video IDs
data/summaries/*.json   transcription results
data/config.json        API key (optional)
