video-transcript
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent transcript-extraction skill, but it uses TranscriptAPI credentials, sends video links to an external service, and stores the API key for future use.
This skill is reasonable to install if you are comfortable sending YouTube links to transcriptapi.com and letting the agent store a TranscriptAPI API key. Prefer a secret manager for the key, monitor credit usage, and revoke the key if you no longer use the skill.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
TranscriptAPI will receive the video identifier or URL, and the user's TranscriptAPI credits may be used.
The primary workflow sends the user's YouTube URL or video ID to transcriptapi.com using the TranscriptAPI service. This is the stated purpose, but it is still an external API call and successful requests consume credits.
curl -s "https://transcriptapi.com/api/v2/youtube/transcript\?video_url=VIDEO_URL&format=text&include_timestamp=true&send_metadata=true"
Use the skill only for video links you are comfortable sending to TranscriptAPI, and confirm before bulk or high-volume transcript requests.
The agent may handle the user's TranscriptAPI key, email address, OTP, and resulting API key during setup.
The setup flow asks the user to provide a service API key or lets the agent create a TranscriptAPI account. This is purpose-aligned for accessing the transcript service, but it gives the agent delegated handling of account and credential material.
Do you already have a TranscriptAPI account? If yes, paste your API key and I'll set it up. If not, I can create a free account for you right now
Provide only a TranscriptAPI-specific key, avoid sharing unrelated credentials, and revoke or rotate the key from TranscriptAPI if you stop using the skill.
Anyone or any process with access to that stored environment secret may be able to use the TranscriptAPI key and credits until it is removed or revoked.
The skill intentionally persists the TRANSCRIPT_API_KEY so future sessions can use the service. That is useful and disclosed, but it leaves a long-lived credential in the user's environment.
Store it persistently using whatever method is correct for this environment... available in future sessions, including non-interactive shells
Store the key in the platform's secret manager when possible, confirm where it is saved, and remove or revoke it when uninstalling the skill.