Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawlite-video-content-engine
v1.0.1中文:将 YouTube 视频转化为 ClawLite 营销资产的内容引擎,覆盖摘要、短视频脚本、X thread 与博客输出,支持知识型内容复用与渠道化分发。 日本語:YouTube動画をClawLite向け教育・マーケ配信資産へ再構成。要約、短尺動画、Xスレッド、ブログ出力まで一貫して最適化。 한국어:You...
⭐ 0· 86·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is described as a YouTube→marketing content engine, which fits the included templates and output expectations. However, the SKILL.md explicitly recommends using yt-dlp for raw extraction and includes detailed NotebookLM UI automation JavaScript snippets. The metadata declares no required binaries, no install steps, and no environment variables. That is an incoherence: DOM/UI automation and yt-dlp imply the agent needs browser-automation capabilities, a headless browser or user browser session, and/or a local yt-dlp binary — none of which are declared. Asking to write to a stable output folder is also a capability requirement not documented in the skill metadata.
Instruction Scope
The instructions include precise UI automation guidance (prototype setter for textareas, querySelector examples, click rules, modal detection) and a screenshot-first workflow. Those DOM-manipulation snippets are specific to NotebookLM but could be reused to automate other web UIs if executed by an agent with web-control capabilities. The skill also instructs writing files to a stable folder structure (metadata.json, multiple md files). The SKILL.md does not limit or clarify what runtime will perform these actions (human-in-the-loop vs autonomous browser automation), nor does it require or request NotebookLM credentials. This gives the agent broad discretion to access web UIs and file system state that isn't documented.
Install Mechanism
There is no install spec and no code files beyond documentation, which minimizes the risk of arbitrary installs. That said, the workflow expects external tooling (yt-dlp, a browser automation capability or headless browser) but doesn't provide an install path or declare them as required. The absence of an install spec is safe by itself, but it increases incoherence because the instructions assume tooling the metadata doesn't declare.
Credentials
The skill requests no environment variables or credentials, which is good from a secrets-exfiltration standpoint. However, it assumes access to NotebookLM (a web product) and the user's ability to run UI automation or to be logged into NotebookLM in a browser session. Those implicit dependencies (authenticated browser session, access to YouTube, local yt-dlp binary) are not represented in requires.env or required binaries and are therefore not explicitly justified by the metadata.
Persistence & Privilege
The skill does not request persistent inclusion (always:false) and does not attempt to modify other skills or global agent settings in the documentation. It instructs creating stable output folders, which is a normal operational detail and not itself privileged. Autonomous invocation is allowed by default, but there is no additional privilege escalation or always:true setting.
What to consider before installing
This skill appears to be a well-documented content-pack workflow, but it relies on implicit runtime capabilities that are not declared. Before installing or running it, ask the provider or your platform operator: (1) Will the agent run UI/browser automation (and if so, which tool — Puppeteer, Playwright, a real browser with a user session)? (2) Is yt-dlp or a transcript-extraction tool available on the runtime, or do you need to install one? (3) Where will the generated files be written and who can access that folder? (4) Will NotebookLM be invoked via an authenticated user session (risk: screenshots and injected text can expose other user data)? If you want to proceed, require the skill to declare its runtime dependencies (binaries, required capabilities, and whether it needs interactive browser access) and limit its web-automation scope (explicit target domains only). If you cannot confirm those details, treat the skill as potentially risky to grant web automation or file-write privileges to.Like a lobster shell, security has layers — review code before you run it.
latestvk97adfqcwfn02yantavd8fr49183tj1f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.