Youtube Clipper Ko
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may process a private local video thinking it stays fully local, while its audio/transcript can be sent to external AI providers.
This privacy wording can lead users to believe their video-derived content stays local, but the included code and documentation also show OpenAI Whisper and Anthropic Claude API use for audio/transcript processing.
- **Local execution** — video is not uploaded to an external server
Update the disclosure to clearly say that audio is sent to OpenAI for transcription and transcript text is sent to Anthropic for segment selection; ask for explicit user consent before processing private files.
Audio from the selected YouTube or local video may leave the machine for transcription.
The script sends the extracted audio file to OpenAI Whisper. This is purpose-aligned for transcription, but it is an external provider data flow involving potentially sensitive video content.
response = client.audio.transcriptions.create(
    model="whisper-1",
    file=f,
    language=lang,
Use this only with content you are allowed to send to OpenAI/Anthropic, and review those providers' data retention and privacy settings.
The skill can spend quota and process data under the user's OpenAI and Anthropic accounts.
The skill requires provider API keys. This is expected for the stated OpenAI/Anthropic integration, and the artifacts do not show hardcoded keys or credential leakage.
export OPENAI_API_KEY="sk-..." # Whisper subtitle extraction
export ANTHROPIC_API_KEY="sk-..." # Claude Haiku segment selection
Use dedicated API keys where possible, monitor usage, and avoid sharing keys in logs or chat messages.
The installed dependency versions may change over time and could affect behavior or security.
The setup uses network-sourced code and unpinned Python packages. This is normal for the toolchain but leaves dependency provenance and version pinning to the user.
git clone https://github.com/thedalbee/youtube-clipper-ko
pip install yt-dlp openai anthropic
Install from a trusted source, consider pinning dependency versions, and review the repository before running the script.
Running the skill can download media, consume disk space, and invoke local binaries.
The script invokes yt-dlp and ffmpeg-style local media tooling on user-provided inputs. This is central to the clipping purpose and is not shell-obfuscated, but users should expect local downloads and processing.
cmd = [
    "yt-dlp",
    "-f", "bestvideo[ext=mp4]+bestaudio[ext=m4a]/best[ext=mp4]/best",
    "--merge-output-format", "mp4",
Confirm the URL or file path before running and ensure yt-dlp/ffmpeg are installed from trusted sources.
Sensitive transcript or analysis files may remain on disk after processing.
The skill stores full transcripts and analysis outputs in its output directory. This is expected for the workflow, but those files may contain private speech content from local videos.
├── transcript.json # Full Whisper transcript + timestamps
├── viral_segments.json # Viral segment analysis results
Review and delete output folders when processing private or confidential videos.
