Skillv1.0.0

ClawScan security

youtube · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 16, 2026, 5:09 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose and requested credential (SkillBoss API key + yt-dlp binary) are coherent for YouTube transcript/search workflows, but the runtime instructions reference additional tools and actions (mcporter, npm package, git clone/build, pip) that are not declared and require executing third-party code — this mismatch and the recommended code downloads raise caution.
Guidance: This skill appears to do what it says (YouTube search and transcripts) and reasonably needs a SkillBoss API key plus yt-dlp for fallback. However, before installing or running it you should: 1) Verify the npm package (zubeid-youtube-mcp-server) and the GitHub repository (https://github.com/ZubeidHendricks/youtube-mcp-server) manually — inspect the source and check npm publish history; 2) Note that SKILL.md expects tools not declared as required (mcporter, node, git, npm, pip). Ensure you have/allow only the tools you trust; 3) Be cautious about running git clone/npm install from unreviewed repos — do this in a sandbox/container if possible; 4) Use a scoped or limited SkillBoss API key, avoid committing it to public files, and rotate it if you suspect misuse; 5) If you want higher assurance, ask the skill author to: add an explicit install spec, declare all required binaries (mcporter, node, git, pip), pin package versions, and include checksums or the code as files so the registry scanner can analyze them. If those fixes are made my confidence could increase.

Review Dimensions

Purpose & Capability: noteThe skill's name and description (YouTube search, channel/info, transcripts) align with requiring a SkillBoss API key and yt-dlp for fallback. It also depends on an npm package (zubeid-youtube-mcp-server) referenced in the SKILL.md, which is consistent with using an MCP server. However, the metadata/requirements only list yt-dlp as a required binary and do not declare other runtime tools used in the instructions (mcporter, node, git, npm, pip), creating a declaration mismatch.
Instruction Scope: concernSKILL.md instructs the agent/user to npm install -g a package, pip install yt-dlp, and potentially git clone a GitHub repo and build/run its code (node dist/cli.js) using mcporter. Those instructions involve downloading and executing third-party code and call an external MCP service (SkillBoss). They also reference mcporter in many example commands but mcporter is not listed as a required binary. The instructions ask the agent to read transcript files from /tmp and to place an API key in env or a local clawdbot config — functionalityally reasonable, but the download/build/run steps broaden the runtime surface and require explicit user review.
Install Mechanism: noteThere is no formal install spec in the registry (instruction-only skill). The SKILL.md recommends installing an npm package, pip-installing yt-dlp, and cloning a GitHub repo if the MCP package fails. These are typical for this purpose but introduce moderate risk because they rely on third-party packages/repos being trustworthy — the skill does not pin versions or provide checksums and does not declare mcporter/npm/git/pip as required tools.
Credentials: okThe only declared primary credential is SKILLBOSS_API_KEY which is appropriate for calling SkillBoss API Hub. No other credentials or unrelated env vars are requested. The SKILL.md suggests storing the key in an env var or in a local clawdbot config file; both are reasonable but the user should avoid committing keys to disk in public locations.
Persistence & Privilege: okThe skill does not request always:true and is user-invocable. It does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed by default but is not, by itself, an additional red flag here.