Youtube Lecture Analyzer
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: youtube-lecture-analyzer
Version: 1.0.0
The skill is classified as suspicious due to the hardcoded HTTP/HTTPS proxy configuration to `http://127.0.0.1:26739` in `scripts/analyze_lecture.py`. This dependency is also explicitly stated in `SKILL.md`. While the proxy is local and there's no direct evidence of malicious intent (e.g., data exfiltration to an external server), forcing all network traffic through an arbitrary local port without user configuration introduces a significant security risk, as it creates a potential interception point or reliance on an unknown local service.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the skill may depend on whatever versions of these packages are available in the user's environment.
The skill relies on external Python packages that are expected for YouTube transcript access, but the provided artifacts do not pin versions or include a lockfile.
"dependencies": ["youtube-transcript-api", "requests"]
Install dependencies from trusted package sources and consider pinning reviewed versions if using this in a sensitive environment.
A local proxy could observe or mediate the YouTube transcript requests and returned caption data for videos the user analyzes.
The script routes its HTTP and HTTPS requests through a fixed localhost proxy. This is disclosed in SKILL.md and _meta.json, but the local proxy is outside the script's review scope.
PROXY = "http://127.0.0.1:26739"; os.environ['HTTP_PROXY'] = PROXY; os.environ['HTTPS_PROXY'] = PROXY
Use the skill only when the localhost proxy is expected and trusted, or remove/change the proxy setting before running it.
Transcript content is saved on disk in the current working directory and may remain after the task completes.
The script writes a local report containing the generated summaries and up to 10,000 characters of the fetched transcript.
output_file = f"lecture_analysis_{transcript_data['video_id']}.txt" ... f.write(transcript_data['full_text'][:10000] + "...")
Run it in an appropriate directory and delete the generated report if the transcript should not be retained.
Users may receive a generic summary that sounds analytical but may not fully support the promised key points, evidence, or actionable insights.
The implemented summary is keyword/template-based rather than the detailed evidence-backed analysis described in SKILL.md.
sample = text[:800].lower() ... elif 'business' in sample or 'money' in sample: zh_summary += "讲座涉及商业策略和财富积累的内容。"
Treat the output as a draft and verify important claims against the transcript before using it for writing, teaching, or decision-making.
