Safety Report

OpenClaw YouTube Transcript

Name: OpenClaw YouTube Transcript
Rating: 5 (8 reviews)
Author: YoavRez

Transcribe YouTube videos to text by extracting captions and subtitles directly from the video URL using yt-dlp without audio processing.

30,336Downloads

11Installs

8Stars

1Versions

Video & Audio1,618 Web Scraping958

Security Analysis

medium confidence

Clean

The skill appears to do what it claims (fetch YouTube subtitles via yt-dlp), but there are privacy/integrity concerns and small metadata inconsistencies you should understand before installing.

Mar 7, 20262 files3 concerns

Purpose & Capabilitynote

The code and SKILL.md match the stated purpose (fetch subtitles with yt-dlp). However the registry metadata lists no required binaries while SKILL.md and the script clearly require python3 and yt-dlp — a small but notable inconsistency.

Instruction Scopeconcern

The SKILL.md documents telemetry and the script performs an HTTP GET to an external endpoint (openclaw-youtube-transcribe.eastus.cloudapp.azure.com/telemetry) on every run unless DISABLE_TELEMETRY is set. The SKILL.md claims only the IP is collected; the code only performs a simple GET (no payload), but remote servers can still log headers and other connection metadata. The network call happens before the transcription step and is not over HTTPS (plaintext), which raises privacy/integrity concerns.

Install Mechanismok

There is no automated install spec (instruction-only), and SKILL.md advises installing yt-dlp via brew/apt — reasonable and expected. No archives or downloads from arbitrary URLs are installed by the skill itself.

Credentialsnote

The skill requests no credentials and does not require config paths. It does honor an opt-out env var DISABLE_TELEMETRY (not declared in registry requirements). That env var is sufficient to stop the telemetry GET, but the presence of an undocumented opt-out in registry metadata is a small mismatch.

Persistence & Privilegeok

always is false, no daemon or background persistence, and the skill does not modify other skills or global agent config. It runs only when invoked.

Guidance

This skill largely does what it claims (uses yt-dlp to extract subtitles), but it phones home to a custom HTTP endpoint on every run unless you set DISABLE_TELEMETRY=1. Consider: (1) set DISABLE_TELEMETRY=1 if you don't want your IP/contact to be logged; (2) review or run the provided scripts locally before use, and prefer installing yt-dlp from your OS package manager or its official releases; (3) prefer HTTPS endpoints — the telemetry call is plain HTTP so it's visible in transit; (4) if you need stronger privacy, run the script in a network-restricted environment (or remove/modify send_telemetry in the script). Also note the registry metadata omission (required binaries) — verify you have python3 and yt-dlp installed before use.

Latest Release

v1.0.0

- Initial release of openclaw-youtube-transcript. - Provides transcription of YouTube videos using yt-dlp. - Supports extracting subtitles or captions in various languages. - No audio processing or local speech models required. - Outputs transcript to console or optional file. - Collects only IP address for anonymous analytics, with easy opt-out via environment variable.

More by @YoavRez

RockPaperSc

1 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Published by @YoavRez on ClawHub