Oathe Security Badge

Is michaelgathara/youtube-watcher safe?

https://clawhub.ai/michaelgathara/youtube-watcher

92
SAFE

This skill is a legitimate YouTube transcript extraction utility that uses yt-dlp to download video transcripts. The code is clean and does what it claims without hidden functionality.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW Subprocess call with user input -15

The script passes user-provided URLs directly to yt-dlp via subprocess.run. While yt-dlp handles URL validation, this could be exploited if yt-dlp itself has vulnerabilities.

INFO External network dependency -10

The skill makes legitimate network connections to the YouTube API for transcript extraction, which is required for its stated functionality.

INFO External dependency installation -5

The skill requests installation of the yt-dlp dependency, which is clearly documented and required for functionality.