Youtube Lecture Analyzer

Pass. Audited by ClawScan on May 10, 2026.

Overview

This skill generally does what it claims—fetches YouTube subtitles and writes an analysis—but users should notice the hardcoded local proxy, external Python dependencies, and local transcript file output.

Before installing or running, make sure you trust any localhost proxy on 127.0.0.1:26739, install the Python dependencies from trusted sources, and remember that the script writes a local analysis file containing transcript text even when the summary-only flag is used.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a local proxy is running, it may see the YouTube video IDs and transcript-fetching traffic; if it is not running, the skill may fail.

Why it was flagged

The script routes its HTTP/HTTPS requests through a hardcoded localhost proxy. This is disclosed and appears purpose-aligned for fetching transcripts, but it means video/transcript requests depend on a local proxy service.

Skill content

PROXY = "http://127.0.0.1:26739"
os.environ['HTTP_PROXY'] = PROXY
os.environ['HTTPS_PROXY'] = PROXY

Recommendation

Use the skill only with a trusted local proxy, or edit the script to make the proxy optional/configurable.

What this means

Installing unpinned packages could pull different versions over time.

Why it was flagged

The skill relies on external Python packages, but the supplied artifacts do not include a pinned installation spec or lockfile. This is not suspicious by itself, but it affects reproducibility and dependency provenance.

Skill content

"dependencies": ["youtube-transcript-api", "requests"]

Recommendation

Install dependencies from trusted package sources and consider pinning reviewed versions before use.

What this means

A user asking for only a summary may still get a local file containing transcript text.

Why it was flagged

The --summary-only flag is parsed, but the analysis function still writes transcript text into the output file. This differs from SKILL.md's described 'only get summary' usage.

Skill content

summary_only = '--summary-only' in sys.argv ... f.write("完整字幕(去噪后):\n") ... f.write(transcript_data['full_text'][:10000] + "...")

Recommendation

Treat outputs as local retained files; if summary-only behavior matters, modify the script to skip transcript writing when --summary-only is set.