Extract transcripts, summaries, chapters, and key moments from public YouTube videos without needing an API key.
Security Analysis
Confidence: medium
The skill implements a YouTube transcript/summary CLI that largely matches its stated purpose, but it runs shell commands with unescaped user input and contains documentation/dependency mismatches — review before use.
The SKILL.md says it "Uses YouTube's transcript API" (no API key) but the implementation actually calls the external binary yt-dlp to fetch video JSON and subtitles. package.json includes an npm dependency (youtube-transcript) that is not used in src/cli.js. These mismatches suggest sloppy packaging/documentation rather than outright malice, but they are inconsistent with the stated purpose.
Runtime code executes external commands via execSync (yt-dlp) with the user-supplied URL interpolated into a shell string (e.g., `yt-dlp --dump-json --no-download "${url}"`). Because the code constructs shell command strings directly from input, there's a command-injection risk if a maliciously crafted URL (or untrusted input) includes shell metacharacters or quotes. SKILL.md does not document the yt-dlp requirement (it claims using YouTube API), so an operator might not expect this shell execution behavior.
This is an instruction-only skill with no install spec. The package files are included but nothing is downloaded or extracted at install time by the registry; risk from install mechanisms is minimal.
No environment variables, credentials, or config paths are requested. The skill only reads/writes temporary files in the OS temp directory to store subtitle files, which is proportionate to its purpose.
The skill does not request 'always' presence and does not modify other skills or system-wide settings. It runs as a CLI tool invoked on demand (normal behavior).
Guidance
This skill appears to do what it claims (extract transcripts and generate summaries) but has a couple of red flags you should consider before installing or running it:
- Command injection risk: The CLI calls yt-dlp by building shell command strings that include the user-supplied URL. If you or an agent could pass untrusted strings to this skill, a crafted input could execute arbitrary shell commands. Prefer an implementation that uses child_process.spawn with an args array or escapes input properly.
- Documentation/dependency mismatch: SKILL.md claims using YouTube's transcript API, but the code uses yt-dlp; package.json includes an npm dependency that isn't used. This looks like sloppy packaging — verify the source and prefer a provenance you trust.
- Runtime requirement: yt-dlp must be installed on the host. The script checks for it and exits if missing.
Recommendations:
1) Only run this skill in a trusted, sandboxed environment or inspect/modify the code to sanitize inputs before use.
2) If you will accept URLs from external users or other agents, patch the code to avoid shell interpolation (use spawn with an args array or properly escape quotes), or validate/strictly whitelist URLs.
3) Consider removing unused npm dependencies and aligning documentation with actual behavior before using widely.
If you want, I can suggest a safe-code patch (example: replace execSync string invocations with spawn or execFile) or produce a checklist to harden/run this skill safely.
Latest Release
v1.0.0
Initial release of yt-digest — extract summaries, transcripts, and key moments from YouTube videos.
- Transcript extraction with timestamps for public YouTube videos
- AI-generated summaries of video content
- Chapter and highlight detection to identify key moments
- Optional audio output of summaries (requires sag skill)
- Simple CLI commands for transcripts, summaries, chapters, and full analysis
Published by @0xRaini on ClawHub