YouTube Summary

Pass. Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent for YouTube summarization, with disclosed notes about installing an external CLI and optionally sending transcripts to OpenAI when an API key is used.

Before installing, verify you are comfortable installing the pinned youtube2md CLI and its dependencies. If video transcripts are sensitive, leave OPENAI_API_KEY unset and use extract mode; also remember that generated transcript and summary files may remain under ./summaries or the output path you choose.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You must trust the installed youtube2md package and its dependencies before using the skill.

Why it was flagged

The skill depends on an external npm-installed CLI that is not bundled in the reviewed artifacts. The version is pinned and the dependency is clearly disclosed, so this is a supply-chain notice rather than a concern.

Skill content

Require preinstalled `youtube2md` on PATH.
- Recommended pinned install: `npm i -g youtube2md@1.0.1`

Recommendation

Install the pinned version from a trusted source, and review or mirror the package in stricter environments.

What this means

Using the skill runs local commands and may create summary/transcript files on disk.

Why it was flagged

The runner executes the locally installed youtube2md binary and the included Python helper. This command execution is central to the skill's stated purpose and is hardened by resolving youtube2md from PATH and rejecting an arbitrary binary override.

Skill content

"$youtube2md_path" "${cli_args[@]}" ... PREPARE_OUTPUT="$(python3 "$PREPARE_PY" "$EXTRACT_JSON_PATH")"

Recommendation

Use it only in an environment where running the installed youtube2md CLI and Python helper is acceptable.

What this means

If you set OPENAI_API_KEY, the skill can use the access tied to that OpenAI account, and spend against it, for summarization.

Why it was flagged

The skill can use a user's OpenAI API key for full summarization. This credential use is optional, documented, and purpose-aligned, with no evidence of unrelated credential handling.

Skill content

`OPENAI_API_KEY` enables full summarization mode; transcript/content may be sent to OpenAI through youtube2md’s workflow.

Recommendation

Provide the API key only if OpenAI-based summarization is acceptable; omit it to use extract mode.

What this means

Video transcripts or related content may leave the local environment when full mode is used with an OpenAI key.

Why it was flagged

The artifacts explicitly disclose an external provider data flow in full mode and provide a local extract-mode alternative for sensitive content.

Skill content

transcript text and/or related content may be sent to OpenAI APIs. If content is sensitive, do not set `OPENAI_API_KEY`; use extract-only mode

Recommendation

Do not set OPENAI_API_KEY for sensitive videos or environments where transcript sharing with OpenAI is not allowed.