Skill v1.0.0

ClawScan security

Video Transcriber · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 11:49 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The SKILL.md describes a plausible video-transcription flow, but it requires running multiple local tools and a Python script in ~/.openclaw/extensions that the skill does not declare or install — verify those binaries and the script source before using.
Guidance
Before installing or using this skill:
(1) Verify that the Python script (~/.openclaw/extensions/...) and any extension it belongs to are from a trusted source; inspect its code before executing.
(2) Ensure yt-dlp, ffmpeg, jq, whisper-cpp and the ggml-tiny.bin model are installed from official/trustworthy releases and verify checksums where possible.
(3) Be aware the skill will download video audio to the local working directory and run local binaries (no network exfiltration is specified, but the get_transcript.py may access the network; inspect it).
(4) If you need a packaged/safer setup, ask the author for an install spec or sources for the required tools and model so you can vet them before running.

Review Dimensions

Purpose & Capability: concern
The skill's description (Bilibili/YouTube transcription) matches the instructions, but the registry metadata declares no required binaries or env vars while the SKILL.md clearly requires python3 (a local get_transcript.py), yt-dlp, jq, ffmpeg, whisper-cpp, and a model file (ggml-tiny.bin). That mismatch (nothing declared vs. many required tools) is incoherent and worth flagging.
Instruction Scope: concern
The runtime instructions tell the agent to execute a specific Python script at ~/.openclaw/extensions/bilibili-youtube-watcher/scripts/get_transcript.py and run shell commands that download audio, transcode, and invoke whisper-cpp. Running a script from a user-home extensions path and executing arbitrary CLI tools is expected for this task but also risky if the script or installed binaries are untrusted; the SKILL.md gives no provenance for that script or the model file. It does not instruct exfiltration to unrelated endpoints, but it does reference an external Feishu doc for subtitles.
Install Mechanism: note
There is no install spec (instruction-only), which minimizes what the skill writes to disk, but also leaves all installation and trust decisions to the user. The SKILL.md expects third-party binaries and a model file to already be present; it gives no secure download sources or verification steps for those artifacts (e.g., where to get ggml-tiny.bin or whisper-cpp). That gap increases operational risk if users fetch these components from untrusted locations.
Credentials: ok
The skill requests no environment variables, credentials, or config paths in the registry metadata. The instructions do reference a path under the user's home (~/.openclaw/extensions) and will read/write local audio/transcript files, which is consistent with a local transcription workflow and does not require additional secrets.
Persistence & Privilege: ok
The skill's always flag is false and the skill is user-invocable; it does not request permanent platform presence or modify other skills' configs. It simply assumes pre-existing local tooling and files.