Is youtube-watcher safe?

https://clawhub.ai/Michaelgathara/youtube-watcher

Overall score 85 · SAFE

This skill is a straightforward YouTube transcript fetcher with a clean implementation. It contains a single Python script that uses yt-dlp to download subtitles and clean them for text output. The primary risks are the reliance on yt-dlp as a powerful external dependency and the lack of URL domain validation, but no malicious intent or dangerous patterns were detected. Clone monitoring showed zero side effects.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 68/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (6)

LOW External subprocess invocation via yt-dlp -12

The Python script invokes yt-dlp as a subprocess to fetch subtitles. The subprocess call uses list-based arguments, so no shell is involved and metacharacters in the URL cannot inject commands; yt-dlp itself, however, is a powerful tool capable of downloading arbitrary media from hundreds of sites. The --skip-download flag constrains it to subtitle fetching only. One check worth making on top of this finding: since the user-supplied URL is passed straight through, confirm it is placed after a -- separator, so that a value beginning with - is parsed as a URL rather than as a yt-dlp option.

LOW yt-dlp external dependency requirement -15

The skill requires installing yt-dlp, a large external binary with broad capabilities. The metadata offers both brew and pip install methods. While yt-dlp is a well-known open-source tool, it introduces a significant dependency with its own attack surface and its own supply chain; pinning a known version rather than installing whatever is latest keeps that surface reviewable.

LOW No URL validation restricting to YouTube domains -18

The script accepts any URL and passes it to yt-dlp without validating that it belongs to youtube.com or youtu.be. Since yt-dlp supports hundreds of video platforms and falls back to a generic extractor for other pages, a caller can make the host fetch from services the skill was never meant to touch.

INFO Clean SKILL.md with no injection patterns -5

The skill's markdown file contains only standard usage documentation, triggers, and examples. No prompt injection, hidden instructions, or manipulation techniques detected.

LOW VTT file glob pattern could match unexpected files -5

The script uses glob('*.vtt') in the temp directory and reads the first match. While the temp directory is freshly created and controlled, selecting the first match of a pattern is less precise than targeting a known filename; yt-dlp's -o output template makes the subtitle filename predictable, so the script could open exactly the file it expects.
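The three LOW findings above (the subprocess invocation, the missing domain check, and the glob-based file selection) all concern the same small wrapper. The following is an added example of what a hardened version of that wrapper could look like; it is not the skill's own code. The host allowlist, the transcript output template name, the is_allowed_url helper and the SAMPLE_VTT input are this example's assumptions, and fetch_transcript is the only function that actually needs yt-dlp on PATH and network access.

```python
import re
import subprocess
import tempfile
from pathlib import Path
from urllib.parse import parse_qs, urlparse

# Hosts this wrapper will hand to yt-dlp. Anything else is refused before a
# subprocess is spawned. Assumed allowlist for this example, not the skill's.
ALLOWED_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com", "youtu.be"}

# YouTube video ids are 11 characters from this alphabet.
_VIDEO_ID = re.compile(r"^[A-Za-z0-9_-]{11}$")


def validate_youtube_url(url: str) -> str:
    """Return the video id from a YouTube URL, or raise ValueError.

    Only https URLs on an allowlisted host are accepted, so a URL for one of
    the many other sites yt-dlp supports is refused. The caller rebuilds a
    canonical URL from the id, so nothing else from the user string reaches
    the yt-dlp command line.
    """
    parts = urlparse(url)
    if parts.scheme != "https":
        raise ValueError("only https URLs are accepted")
    host = parts.hostname or ""
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    segments = [s for s in parts.path.split("/") if s]
    if host == "youtu.be":
        video_id = segments[0] if segments else ""
    elif len(segments) == 2 and segments[0] == "shorts":
        video_id = segments[1]
    else:
        video_id = parse_qs(parts.query).get("v", [""])[0]
    if not _VIDEO_ID.match(video_id):
        raise ValueError("no valid video id in URL")
    return video_id


def is_allowed_url(url: str) -> bool:
    """Boolean form of validate_youtube_url (helper assumed for this example)."""
    try:
        validate_youtube_url(url)
        return True
    except ValueError:
        return False


def build_ytdlp_argv(video_id: str, outdir, lang: str = "en") -> list[str]:
    """argv for a yt-dlp run restricted to fetching one subtitle track.

    List form: no shell, so metacharacters cannot inject commands.
    '--': the last argument is always parsed as a URL, never as an option.
    -o template: the subtitle lands at <outdir>/transcript.<lang>.vtt, so the
    caller opens a known filename instead of the first '*.vtt' glob hit.
    """
    return [
        "yt-dlp",
        "--skip-download",            # subtitles only, never the media
        "--write-subs",
        "--write-auto-subs",
        "--sub-langs", lang,
        "--sub-format", "vtt",
        "-o", str(Path(outdir) / "transcript"),
        "--",
        f"https://www.youtube.com/watch?v={video_id}",
    ]


def expected_vtt(outdir, lang: str = "en") -> Path:
    """The one file the argv above produces for the requested language."""
    return Path(outdir) / f"transcript.{lang}.vtt"


_TIMING = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} --> ")
_TAG = re.compile(r"<[^>]+>")                 # <c>, </c>, <00:00:01.500> ...


def vtt_to_text(vtt: str) -> str:
    """Strip VTT headers, cue timings, tags and repeated cues to plain text."""
    lines: list[str] = []
    for raw in vtt.splitlines():
        line = raw.strip()
        if not line or line.startswith(("WEBVTT", "Kind:", "Language:", "NOTE")):
            continue
        if _TIMING.match(line) or line.isdigit():
            continue
        line = _TAG.sub("", line)
        if lines and lines[-1] == line:       # auto-subs repeat each cue
            continue
        lines.append(line)
    return " ".join(lines)


# Constructed sample in the shape of a YouTube auto-caption file.
SAMPLE_VTT = """WEBVTT
Kind: captions
Language: en

00:00:00.000 --> 00:00:02.000
Hello <c>and</c> welcome

00:00:02.000 --> 00:00:04.000
Hello and welcome

00:00:04.000 --> 00:00:06.000
to the channel
"""


def fetch_transcript(url: str, lang: str = "en") -> str:
    """Validate, run yt-dlp into a fresh temp dir, return cleaned text."""
    video_id = validate_youtube_url(url)
    with tempfile.TemporaryDirectory() as tmp:
        subprocess.run(build_ytdlp_argv(video_id, tmp, lang),
                       check=True, capture_output=True, timeout=120)
        return vtt_to_text(expected_vtt(tmp, lang).read_text(encoding="utf-8"))
```

The important design choice is that the user-supplied string never reaches the subprocess at all: only the validated 11-character id does, embedded in a URL the wrapper builds itself, and the -- separator plus the fixed -o template remove the two remaining ambiguities (option parsing and which file to read back).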

INFO Skill purpose aligns with implementation -10

The skill claims to fetch YouTube transcripts and that is exactly what the code does. No hidden functionality, no additional capabilities beyond stated purpose.