youtube-full

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note
High Confidence
ASI01: Agent Goal Hijack
What this means

The agent may decide to use TranscriptAPI for research tasks where YouTube seems relevant, which can send queries to the service and consume credits.

Why it was flagged

The skill selection guidance is broad and encourages use even without an explicit YouTube request. This is disclosed and aligned with the skill’s media-research purpose, but it can affect when the agent decides to call the service.

Skill content
Use when YouTube is or could be relevant — even if not mentioned
Recommendation

If you want tighter control, tell the agent to ask before using this skill or to use it only when you explicitly request YouTube/video research.

What this means

YouTube-related inputs may be shared with TranscriptAPI, and some endpoints consume API credits.

Why it was flagged

The skill uses documented HTTP API calls to TranscriptAPI. This is expected for its purpose, but user queries, video URLs, channel handles, or playlist IDs may be sent to the external provider.

Skill content
curl -s "https://transcriptapi.com/api/v2/youtube/search?q=QUERY&type=video&limit=20"
Recommendation

Use the skill only for queries you are comfortable sending to TranscriptAPI, and monitor credit usage if your key is tied to a paid account.

What this means

The agent can use the provided TranscriptAPI key to make requests against the user’s TranscriptAPI account and consume available credits.

Why it was flagged

The setup flow asks for a service API key or helps create a TranscriptAPI account using the user’s email and OTP. This is purpose-aligned credential handling, but it gives the agent access to a service credential.

Skill content
Do you already have a TranscriptAPI account? If yes, paste your API key and I'll set it up. If not, I can create a free account for you right now
Recommendation

Use a dedicated TranscriptAPI key, avoid sharing unrelated credentials, and revoke or rotate the key if you no longer want the agent to use it.

What this means

The key may remain available to future agent sessions until removed, allowing continued API use.

Why it was flagged

The guide instructs persistent storage of the TranscriptAPI key. Persistent credential storage is expected for this API skill, but the exact storage location is environment-dependent and should be handled carefully.

Skill content
Store it persistently using whatever method is correct for this environment ... available in future sessions, including non-interactive shells
Recommendation

Store the key only in the platform’s intended secret or environment-variable mechanism, clean up any temporary files, and know how to remove or rotate the key.