Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
YouTube Distiller
v2.1.0
Automatically download subtitles from YouTube/Bilibili and generate structured knowledge articles in various summary styles using AI.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious (high confidence)
Purpose & Capability
The name/description (download subtitles & generate summaries) matches the code's behavior, but the registry metadata claims no required env vars or binaries while the code and README clearly depend on an external yt-dlp executable and an environment variable MINIMAX_API_KEY. Hardcoded Windows paths (C:\butler_sumo\...) are used throughout, which is reasonable for a desktop tool but is not declared in the registry and may be surprising to users on other platforms.
Instruction Scope
SKILL.md instructs running the bundled script, which is expected, but the script reads/writes multiple local directories (library/SumoNoteBook, tools, sync_log) and will attempt to create and modify files there. It also sends subtitle text to an external API (api.minimax.io). The runtime instructions and registry metadata do not disclose the env var requirement (MINIMAX_API_KEY) or the exact filesystem locations the skill will modify.
Install Mechanism
No install spec (instruction-only) — low installation risk. However, the code expects external binaries (yt-dlp at a hardcoded path, and optionally Whisper/faster-whisper) but the registry did not declare those dependencies or provide install steps. That mismatch can lead to unexpected failures or hidden assumptions about available tooling.
Credentials
The repository/code expects MINIMAX_API_KEY, but the skill metadata lists no required environment variables. Worse: the README/dev docs include a long API key literal (cleartext) and an API URL, which appears to be a real credential—this is a sensitive disclosure. Requesting a single provider API key for summarization is proportional, but (1) it should be declared in metadata and (2) embedding a key in docs is a serious security problem (leak/unauthorized reuse).
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). It writes files to several shared/local directories (SumoNoteBook, sync logs), which is expected for a summarizer that syncs notes, but users should be aware it will create/modify files in those hardcoded paths. There is no evidence it modifies other skills or system-wide agent settings.
What to consider before installing
This skill mostly does what it claims, but there are several red flags you should address before installing or running it:
- Do not trust the embedded API key in the README/dev docs. Treat it as leaked; if you or your org ever used it, rotate/revoke it immediately. The presence of a literal key in the repo is a security problem.
- The skill needs an API key (MINIMAX_API_KEY) though the registry metadata does not declare it — expect to set that env var yourself. Only provide a key you control and are willing to use with this third-party service.
- The script expects yt-dlp at a specific Windows path and uses many hardcoded C:\butler_sumo paths. If you run this on a different OS or without those directories the script could fail or create files in unexpected locations. Review and, if needed, change the paths before running.
- Review the code (youtube_distiller.py) locally to confirm it only sends subtitle text to the stated API and does not exfiltrate other data. Consider running it in an isolated environment (VM/container) and monitoring outgoing network requests on first run.
- If you only want local summaries, consider removing or disabling the API calls and using an offline summarizer (or supply your own provider) so you don't send data to a third-party service.
Given these inconsistencies (undeclared env var and binaries, hardcoded file paths, and a leaked-looking API key), treat this skill as suspicious until the repository owner clarifies and removes the exposed credential and documents required dependencies and filesystem behavior.
Tags: knowledge-distillation, latest, sumonotebook, video-summary, youtube
