video-summarize
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill does what it says for video summarization, but its YouTube path uses Chrome browser cookies without declaring a credential requirement.
Review this skill before installing. The main functionality is consistent with video summarization, but YouTube processing uses Chrome cookies, so consider using a separate browser profile or avoiding YouTube links if you do not want the skill to access your logged-in session. Also review the dependency installer because it runs external package and model downloads.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill on YouTube links can use your logged-in Chrome/YouTube session, which may expose authenticated viewing access or account-specific data to the download process.
For YouTube links, the script reads Chrome browser cookies so yt-dlp can act with the user's logged-in YouTube session. The registry declares no primary credential or required config path, and the main SKILL.md says it only processes public videos.
if [[ "$VIDEO_URL" =~ youtube\.com|youtu\.be ]]; then
YTDLP_COOKIES="--cookies-from-browser chrome"
echo "ℹ️ YouTube 链接,将使用 Chrome cookies"
fiOnly run this if you are comfortable with Chrome cookie access. Prefer a separate browser profile or explicit cookies file, and the skill should declare this credential/session requirement clearly.
Installing the skill can run external code and add packages from Homebrew, PyPI, and Hugging Face, so your system depends on those sources being trustworthy at install time.
The user-directed installer downloads and runs external setup code, installs unpinned packages, and downloads an unpinned model. These are plausible dependencies for video transcription, but they expand supply-chain trust.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" ... pip install yt-dlp -q ... curl -L -o "$MODEL_FILE" "https://huggingface.co/ggerganov/whisper.cpp/resolve/main/ggml-base.bin"
Review the installer before running it, run it in a controlled environment if possible, and prefer pinned versions/checksums for dependencies and model downloads.
Transcripts of processed videos remain on disk under the skill directory and may be reused later.
The skill intentionally stores raw transcripts and reuses them for later requests. This is disclosed and useful for caching, but it persists video-derived content locally.
- **Smart caching**: Same video returns cached result on subsequent requests
...
cache/{title}/
└── transcript_raw.txt # Raw transcriptDo not process sensitive videos unless you are comfortable with local transcript caching; delete the cache directory when you no longer need it.