← Back to Skills Marketplace
574
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install youtube-notification-analysis
Description
Analyze YouTube notifications for investment and trading insights. Use when user wants investment advice from YouTube, analyzing stock crypto or financial co...
Usage Guidance
This skill is internally inconsistent in ways that matter for safety: it tells the agent to download videos and run a local speech model, and—most importantly—to execute trades via a separate skill, but it declares no binaries, install steps, or credentials. Before installing or enabling it: 1) Confirm how trading will be authorized — never give live brokerage credentials without explicit, auditable confirmation and least-privilege controls; prefer a sandbox/test account. 2) Ensure yt-dlp and whisper-cpp (and the model file) come from trusted sources and understand disk/CPU impact. 3) Require explicit human confirmation before any trade execution and audit/logging to a secure location (not world-readable /tmp). 4) Verify the tiger-trade skill (or any trading integration) separately — check what credentials it needs and how it transmits orders. 5) If you don’t want automated trades, disallow autonomous invocation for this skill or remove the trade-execution steps from its instructions. If you want a lower-risk test, run the skill in a restricted environment with no trading credentials and monitor file/network activity.
Capability Analysis
Type: OpenClaw Skill
Name: youtube-notification-analysis
Version: 1.0.2
The skill is classified as suspicious due to its explicit capability to "execute trades" using a `tiger-trade` skill, which represents a high-risk financial operation. Additionally, the `SKILL.md` file contains shell commands using `yt-dlp` with unsanitized placeholders (`<video_url>`, `VIDEO_ID`), which introduces a shell injection vulnerability if the AI agent or user input is not properly sanitized. While there is no evidence of intentional malicious behavior like data exfiltration or backdoors, these combined factors present significant security risks.
Capability Assessment
Purpose & Capability
The name/description (YouTube notification analysis for investment insights) is plausible, but the SKILL.md calls for capabilities that are not declared: it expects yt-dlp and whisper-cpp binaries and a 'tiger-trade' skill to execute trades. The registry metadata lists no required binaries, env vars, or primary credential, which is inconsistent with a skill that will download videos, run local speech models, and place trades.
Instruction Scope
Runtime instructions tell the agent to open YouTube in a browser, click a specific notification element, extract video IDs from snapshots, download videos and subtitles, run a local speech model (whisper-cpp) and then 'execute trades' using tiger-trade. The trade-execution step is out-of-band for a passive analysis skill and grants broad operational authority (network calls, account operations) without describing constraints or confirmations. Instructions also write logs to /tmp and reference local model paths (whisper-cpp/models/ggml-base.bin) not provided.
Install Mechanism
There is no install spec (instruction-only), which by itself is low risk, but the instructions assume presence of external tooling (yt-dlp, whisper-cpp binary and model files). Those are not declared as required and no safe install source is provided; the skill's workflow expects large model files and binaries that would need to be fetched/installed by the agent or operator — the absence of a vetted install mechanism is a gap.
Credentials
The skill intends to execute trades but declares no required environment variables or credentials (API keys, broker account tokens). Placing trades requires sensitive credentials and auditing/confirmation. The SKILL.md does not explain where trading credentials come from, how trades are authorized, or what permissions tiger-trade needs. This is disproportionate and risky for a user-facing skill that can act on financial accounts.
Persistence & Privilege
always:false (good). The skill is allowed to be invoked autonomously by default (platform normal). Combined with the instruction to execute trades, autonomous invocation increases potential harm if the agent is permitted to call tiger-trade without human confirmation. The skill does not request persistent system-wide changes, but it does write logs to /tmp (temporary) and expects local models — both require local storage and could leak sensitive context if not managed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install youtube-notification-analysis - After installation, invoke the skill by name or use
/youtube-notification-analysis - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Removed the `/ytb_trade` command and related trigger phrase from documentation.
- All other workflow and analysis steps remain unchanged.
v1.0.1
- Updated investment analysis section to clarify focus on stock, crypto, macro finance, and market trends from YouTube notifications.
- No changes to workflow or commands.
- Documentation now better describes the analysis scope.
v1.0.0
YouTube Notification Analysis skill initial release:
- Analyze YouTube notifications for investment and trading insights.
- Automates workflow: navigates notifications, extracts relevant video IDs, retrieves and transcribes subtitles, then summarizes investment advice.
- Integrates with tiger-trade skill for trade execution based on analysis.
- Supports subtitles extraction via yt-dlp and fallback to whisper-cpp if needed.
- Targets popular crypto and finance channels for enhanced relevance.
- Command triggers: `/ytb_trade` or "基于 youtube 的投资".
- All analysis logs saved to `/tmp/youtube_investment_*.log`.
Metadata
Frequently Asked Questions
What is Youtube Notification Analysis?
Analyze YouTube notifications for investment and trading insights. Use when user wants investment advice from YouTube, analyzing stock crypto or financial co... It is an AI Agent Skill for Claude Code / OpenClaw, with 574 downloads so far.
How do I install Youtube Notification Analysis?
Run "/install youtube-notification-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Youtube Notification Analysis free?
Yes, Youtube Notification Analysis is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Youtube Notification Analysis support?
Youtube Notification Analysis is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Youtube Notification Analysis?
It is built and maintained by esanle (@esanle); the current version is v1.0.2.
More Skills