Video To Notes

Security checks across malware telemetry and agentic risk

Overview

This skill coherently turns user-provided videos or links into transcripts and notes, with expected local tools and downloads disclosed and no evidence of hidden exfiltration or destructive behavior.

This skill appears safe for its stated purpose. Before using it, confirm any dependency installation commands, only provide videos or links you are allowed to process, and remember that transcript and note files may contain private information.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may run local transcription/download commands after your request, and may ask to install missing tools.

Why it was flagged

The skill uses local command execution and dependency installation, but it explicitly requires detection, reporting, full command disclosure, and user approval before installing anything.

Skill content
Explicit user consent is required: run the install only after receiving `yes` / `可以` / `装`; do not install silently in the background
Recommendation

Approve only the commands you understand, and avoid granting installation permission unless you trust the packages and the source video.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing unpinned third-party packages can change what code is installed over time.

Why it was flagged

The skill documents installing external packages such as yt-dlp and openai-whisper without pinned versions; this is purpose-aligned for video download/transcription but carries ordinary package supply-chain risk.

Skill content
`pip3 install yt-dlp`
Recommendation

If possible, install dependencies from trusted package managers, review package names carefully, and consider pinning versions in managed environments.

ASI06: Memory and Context Poisoning
Low
What this means

Private speech from videos may become transcript and note files and may be included in the AI conversation while notes are generated.

Why it was flagged

The skill reads generated transcripts into the agent context and creates persistent transcript/note files; the artifact discloses that these may contain sensitive content.

Skill content
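After transcription completes, read the `.txt` file and automatically generate structured study notes. … Privacy: transcripts and notes may contain sensitive content; when finished, remind the user to review them and delete as appropriate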
Recommendation

Do not process sensitive videos unless you are comfortable with local transcripts and AI-generated notes being created; review and delete outputs when needed.