Is mehediahamed/youtube-transcription-generator safe?

https://github.com/openclaw/skills/tree/main/skills/mehediahamed/youtube-transcription-generator

86
SAFE

The youtube-transcription-generator skill is a functionally legitimate YouTube transcription utility with no detected prompt injection, hidden instructions, malicious code, or covert exfiltration behaviors. Its primary concerns are incompleteness (the Python scripts it references are missing) and an undeclared dependency on a separate vlmrun-cli-skill required for full operation. In normal use, the skill directs the agent to read .env files for an API key and to upload video content to the external vlmrun service. Both actions are part of the stated purpose, but they are data-flow risks users should acknowledge.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 78/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 88/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (7)

LOW .env read normalized by skill workflow -10

SKILL.md directs the agent to check .env and .env.local for VLMRUN_API_KEY as part of its standard pre-flight checklist. While the intent is legitimate, any agent following this instruction gains full read access to the .env file, which typically contains many secrets beyond just the vlmrun key (database passwords, other API tokens, etc.). This normalizes a broad-scope sensitive file read in the agent's workflow.

LOW .env file exposure risk beyond intended API key -10

The agent is instructed to read .env to locate VLMRUN_API_KEY. If the user's .env contains additional secrets (database URLs, other service keys), these will be present in the agent's context window during execution, increasing the blast radius of any model-level data leak or logging.

LOW Video content transmitted to external vlmrun API service -12

The skill's primary function uploads downloaded YouTube video files to the vlmrun (Orion visual AI) API for transcription. This is the declared purpose, not a covert behavior, but it means local video content leaves the user's system to a third-party service. Users should be aware that video files processed by this skill are sent externally.

LOW Skill references Python scripts absent from installation -15

SKILL.md recommends 'python scripts/run_transcription.py' as the primary usage method, but no Python scripts were installed. The skill deployment contains only SKILL.md and _meta.json. This makes the skill functionally incomplete as documented and suggests the author may have omitted required files from the repository.

INFO Clean installation — only expected GitHub network activity 0

During installation, the only external network connection was to github.com (140.82.121.3:443) for the sparse git clone. No unexpected processes were spawned, no files were written outside the skill directory, and no unusual DNS queries were made. The install completed in approximately 12 seconds (03:40:07 to 03:40:19).

INFO Canary file accesses attributed to audit framework lifecycle -12

Sensitive files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, gcloud credentials) were accessed at 03:40:02 (16 seconds before skill installation began) and again at 03:40:24 (after all audit inspection steps completed). This symmetric pre/post timing is consistent with the oathe audit framework reading canary baselines and then performing post-install verification. No skill-related process was traced to these accesses, and the canary integrity check confirms all files are intact.

LOW Undeclared functional dependency on vlmrun-cli-skill -20

SKILL.md references vlmrun-cli-skill four times as the required source for CLI setup, environment variable configuration, and usage examples. This dependency is not installed alongside this skill and is not declared in _meta.json. An agent following this skill's instructions would need to separately locate and load vlmrun-cli-skill, whose security properties are unaudited in this context. Without it, this skill cannot be fully used as documented.