Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Youtube Instant Article

v0.1.0

Transform YouTube videos into Telegraph Instant View articles with visual slides and timestamped summaries. Use this skill whenever a user shares a YouTube URL (youtube.com or youtu.be) and asks to summarize, explain, or process the video. This is the DEFAULT skill for all YouTube video requests - do NOT use the generic summarize tool for YouTube.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious (View report →)

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Functionality (extract slides, summarize via an LLM, upload images, publish to telegra.ph) matches the skill name and description. Required tools (summarize, jq, curl, optionally ffmpeg) are reasonable for the task. However, the registry metadata declares no required environment variables or credentials, while the SKILL.md and scripts require TELEGRAPH_TOKEN and expect an OpenAI key (OPENAI_API_KEY) for summarize; that mismatch is an inconsistency.
! Instruction Scope
SKILL.md and the scripts instruct sourcing a specific .env file (SKILL.md shows an absolute path /Users/viticci/clawd/.env) and the wrapper script also sources $HOME/clawd/.env — these are surprising and out-of-band for a general skill. The scripts read local .env files and will use any secrets found there. The runtime instructions also force use of the generate.sh pipeline and the included workflow is prescriptive (e.g., 'NEVER manually create Telegraph content'), reducing user control. Network interactions are limited to expected endpoints (OpenAI via summarize tool, catbox.moe for images, and telegra.ph), but the instructions encourage automatic access to secrets from local files without declaring them in metadata.
Install Mechanism
No install spec is provided (instruction-only), so nothing is downloaded or written by an installer. That lowers supply-chain risk. The SKILL.md and scripts require third-party binaries (summarize via a tap, jq, curl, optionally ffmpeg), which is proportionate to the task. No arbitrary URL downloads or archive extraction are present in the provided files.
! Credentials
The skill uses TELEGRAPH_TOKEN (required by generate.sh) and implicitly requires an OpenAI API key for summarization (SKILL.md and README call out OPENAI_API_KEY / GPT-5.2). Yet the registry metadata lists no required env vars or primary credential. Additionally, the scripts explicitly source a project's .env and a user-specific path ($HOME/clawd/.env and SKILL.md's /Users/viticci/clawd/.env), which could cause the skill to read secrets not declared or expected by the installer. Requiring Telegraph and OpenAI credentials is reasonable for the feature, but failing to declare them and sourcing arbitrary .env locations is disproportionate and surprising.
Persistence & Privilege
The skill is not 'always:true' and does not request elevated system privileges or modify other skills. It cleans up temporary files by default and only writes user-visible files if the user runs setup.sh (which outputs the token) or uses --debug. Nothing in the files tries to persist in agent-wide configuration or modify other skills. Autonomous invocation is enabled (default) but not by itself problematic; combined with the other concerns it increases the importance of verifying secrets handling.
What to consider before installing
Key things to consider before installing or running this skill:

- Secrets are required but not declared: The scripts expect TELEGRAPH_TOKEN and the summarize workflow expects an OpenAI key (SKILL.md/README), yet the registry metadata lists no required env vars. Confirm the manifest is updated to declare these credentials before trusting the skill.
- Unexpected .env sourcing: SKILL.md suggests sourcing /Users/viticci/clawd/.env and the wrapper will source $HOME/clawd/.env if present. That is unusual: the skill may read any secrets in those files. Do not run the scripts if you keep unrelated secrets in such files; instead set only the necessary env variables in a controlled shell or a dedicated .env in the project directory.
- Inspect network endpoints: The scripts upload images to catbox.moe and publish pages to api.telegra.ph; these are expected but are network calls that send image data and the Telegraph access token. If you have policy concerns about public image hosting or third-party storage, replace or review that behavior.
- Run in a sandbox first: Execute the scripts in a controlled environment (throwaway account / container) to confirm behavior. Use a test Telegraph account and a limited OpenAI key or billing guard to avoid unexpected costs or exposure.
- Request fixes from the publisher: Ask the skill author to (1) declare required env vars in registry metadata (TELEGRAPH_TOKEN, OPENAI_API_KEY), (2) remove hard-coded personal paths (/Users/viticci/...) and the unexpected $HOME/clawd/.env sourcing, and (3) document exactly what is read and sent. If the author cannot justify those oddities, avoid using the skill.

Confidence: medium — the code contains clear mismatches and surprising behavior, but there is no direct evidence of intentional exfiltration to unknown endpoints; the issues could be sloppy packaging or an oversight. Additional confirmation (author clarification or updated manifest) would raise confidence.


latest · vk973eh0pw2d65fr5mc759rj2rd7zrm6t
