Free transcripts, 4K downloads, and video exploration — zero API quotas burned.
Security Analysis
Confidence: medium

The skill mixes genuinely local transcript/download functionality with YouTube Data API usage, but its description and declared requirements contradict the README and code — it both claims “no credentials” and instructs you to create and store OAuth credentials and tokens with broad scopes.
The skill advertises “zero API quotas burned” and emphasizes free transcripts (which is true via youtube-transcript-api), but the README and scripts clearly implement many features that require the YouTube Data API (search, comments, playlists, subscriptions, channel info). The skill metadata/requirements list no credentials/env vars, yet the README and scripts instruct creating OAuth credentials and saving them to ~/.config/youtube-skill/credentials.json. This is a functional mismatch between the declared purpose/requirements and the capabilities implemented.
SKILL.md/README instruct the agent to invoke yt-dlp and youtube-transcript-api locally (expected), but also to obtain OAuth client credentials and run an auth flow. The script reads/writes files under ~/.config/youtube-skill and also checks an unexpected path (~/.config/gogcli/credentials.json). It runs a local webserver for OAuth (InstalledAppFlow.run_local_server) and stores tokens via pickle. The instructions therefore direct the agent to read, create, and persist credentials in user config paths — broader scope than the top-level description implies.
There is no automated install spec (instruction-only), which reduces supply-chain risk. The script lists Python dependencies (google API libs, youtube-transcript-api) and runtime use of yt-dlp is expected. Users must manually install packages and yt-dlp; no remote downloads or obscure URLs are used by the installer. This is moderate risk only because installation relies on third-party packages and yt-dlp, which the user must fetch.
Declared requirements list no environment variables or credentials, but the code expects an OAuth credentials JSON at specific home paths and will create token.pickle in ~/.config/youtube-skill. SCOPES include 'youtube' (full) and 'youtube.force-ssl' in addition to readonly — broader privileges than strictly necessary for read-only operations. The skill accesses and persists local config files without declaring them up front, which is disproportionate to the 'no credentials required' claim.
The skill writes its own token file to ~/.config/youtube-skill and may create credentials/token files; this is normal for an OAuth client. It does not set always:true and does not appear to modify other skills' configs. Persisting tokens via pickle is expected but carries the usual local-security risks if those files are later tampered with.
Guidance
This skill is not outright malicious, but it is internally inconsistent and asks you to do things it claimed it wouldn't. Before installing or running it:

- Understand the split: transcripts can be fetched without API keys (youtube-transcript-api) — you can use just that functionality without providing credentials. But search, comments, playlists, subscriptions, and some video details require the YouTube Data API and OAuth credentials; the README and script explicitly implement that flow.
- If you must enable API features, review the code (scripts/youtube.py) yourself. Note the OAuth SCOPES include 'youtube' (broad, potentially write-capable) as well as readonly; consider restricting to readonly scopes if you only need read access.
- Be aware the tool will store credentials and tokens under ~/.config/youtube-skill (and looks for an unexpected path, ~/.config/gogcli/credentials.json). If you provide credentials, they will be written to disk (token.pickle) via pickle — keep that folder protected and consider filesystem permissions.
- The skill invokes yt-dlp to download content — that will write files to disk and can execute subprocesses; run it in a sandbox/container if you want to limit filesystem/network exposure.
- Confirm you trust the source/owner (no homepage, owner unknown).

If you only need transcripts, avoid the OAuth setup and only install the transcript-related dependencies. If you need API-backed features, prefer to create OAuth credentials with the minimum scopes, inspect/modify the script to remove unnecessary scopes/paths, and run the skill in an isolated environment. If you want higher confidence that this package is safe, ask the owner for a canonical repository link and a signed release, or request that the author remove broad scopes and document the exact files that will be written and why.
Latest Release
v4.2.2
Humor boost: 200/month upgrade line
Published by @globalcaos on ClawHub