Video Transcriber
Security checks across malware telemetry and agentic risk
Overview
The skill’s video transcription workflow matches its stated purpose, but it depends on unlisted local tools and uses a less-safe download option.
This appears safe to use for its stated purpose if you trust and verify the required local tools and the referenced bilibili-youtube-watcher extension. Prefer removing --no-check-certificate, and run transcription in a workspace where temporary audio files are acceptable.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The workflow may fail or may run code from another local extension that was not included in this review.
The skill relies on external binaries, a Whisper model file, and another extension script, while the supplied registry/install artifacts do not declare or install those dependencies.
python3 ~/.openclaw/extensions/bilibili-youtube-watcher/scripts/get_transcript.py "URL" --lang zh-CN ... yt-dlp ... jq ... ffmpeg ... whisper-cpp -m ggml-tiny.bin
Before use, verify that the referenced extension and tools are installed from trusted sources; the publisher should declare these dependencies in metadata or an install spec.
Disabling certificate checks can make downloads more vulnerable to network tampering or impersonation.
The download commands are relevant to video transcription, but the --no-check-certificate option disables TLS certificate validation.
yt-dlp --dump-json --no-check-certificate "URL" ... yt-dlp -f bestaudio --no-check-certificate "URL" -o audio.m4a
Use certificate validation by default and only disable it when the user understands the tradeoff and needs it for a specific failing source.