← 返回 Skills 市场

Youtube Lecture Analyzer

Name: Youtube Lecture Analyzer
Author: wallfacer-web

作者 wallfacer-web · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

423

总下载

当前安装

版本数

在 OpenClaw 中安装

/install youtube-lecture-analyzer

功能描述

Extracts and analyzes YouTube lecture subtitles to identify key points, evidence, and actionable insights for review, writing, and teaching purposes.

安全使用建议

What to consider before installing or running this skill: - The main red flag is that the script force-sets HTTP_PROXY and HTTPS_PROXY to http://127.0.0.1:26739. That will route the skill's HTTP(S) traffic through a local proxy without asking you. If you run a local proxy that forwards to a remote server (intentionally or because of a misconfiguration), that could expose transcript data or other HTTP traffic. If you don't run such a proxy, this may be harmless but still surprising behavior. - Actionable steps: - Inspect the script yourself. If you don't need the proxy, remove or comment out the two os.environ['HTTP_PROXY'] / HTTPS_PROXY lines before running. - Run the tool in an isolated environment (throwaway VM or container) the first time, and monitor outbound connections (e.g., with netstat/tcpdump) to confirm no unexpected external traffic. - Verify the declared dependencies (youtube-transcript-api) are installed from official sources. The declared 'requests' dependency is unused — consider removing it. - Confirm the source/trust: the package metadata lists a GitHub homepage but the provided 'Source' was unknown; prefer code from a verified origin or the official author. - Because the script writes analysis files to the current directory, ensure it runs in a folder where you are comfortable creating files. - Summary recommendation: do not run this in a sensitive environment until you either remove the hard-coded proxy lines or verify the local proxy behavior. The rest of the code appears to implement the stated function, but the forced proxy is an unexplained behavior that justifies caution.

功能分析

Type: OpenClaw Skill Name: youtube-lecture-analyzer Version: 1.0.0 The skill is classified as suspicious due to the hardcoded HTTP/HTTPS proxy configuration to `http://127.0.0.1:26739` in `scripts/analyze_lecture.py`. This dependency is also explicitly stated in `SKILL.md`. While the proxy is local and there's no direct evidence of malicious intent (e.g., data exfiltration to an external server), forcing all network traffic through an arbitrary local port without user configuration introduces a significant security risk, as it creates a potential interception point or reliance on an unknown local service.

能力评估

ℹ Purpose & Capability

Name/description align with using youtube-transcript-api to extract/analyze subtitles. However, the repo metadata and SKILL.md declare an HTTP proxy (127.0.0.1:26739) and list 'requests' as a dependency even though the script does not use requests; those additions are not explained by the stated purpose and are unexpected.

⚠ Instruction Scope

Runtime instructions and the included script perform only transcript fetching, text cleaning, summarization, console output, and writing a report file to disk (lecture_analysis_<video_id>.txt). But the script unconditionally sets HTTP_PROXY and HTTPS_PROXY to http://127.0.0.1:26739 before importing the transcript library — this forces all HTTP(S) traffic from the process through a local proxy without justification in the SKILL.md. Forcing a proxy is out-of-scope for a transcript analyzer and could be used to reroute network traffic if the local proxy forwards externally.

ℹ Install Mechanism

There is no install spec (instruction-only), which minimizes install-time risk. The package declares dependencies (youtube-transcript-api, requests) in _meta.json and SKILL.md, but there is no automated install step — the user or environment must install them. The 'requests' dependency is declared but unused in the code, an inconsistency but not itself malicious.

⚠ Credentials

The skill requests no external credentials, which is appropriate. But it forcibly sets HTTP_PROXY/HTTPS_PROXY environment variables to a localhost proxy. Requesting/forcing proxy environment variables without user consent is disproportionate to the task and is the primary security concern: if a local proxy is configured to forward traffic to an external server, transcript data (or other HTTP traffic from the process) could be routed through an attacker-controlled endpoint. No other environment variables or sensitive paths are requested.

✓ Persistence & Privilege

The skill is not marked always:true, does not modify other skills, and does not persist credentials or alter agent configuration. Its only persistent effect is writing an analysis text file to the current working directory, which is expected for a CLI analysis tool.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install youtube-lecture-analyzer
安装完成后，直接呼叫该 Skill 的名称或使用 /youtube-lecture-analyzer 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

YouTube 讲座字幕分析器 1.0.0 - 初始发布，支持从YouTube字幕自动抽取和分析讲座结构及重点 - 输出包括总论、结构地图、关键问答、核心概念、行动清单等多维信息 - 明确区分事实、观点、推断、建议，并为每个结论附原文引文 - 支持多语言字幕优先级设定和摘要提取 - 提供清晰命令行用法及依赖说明

元数据

Slug youtube-lecture-analyzer

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Youtube Lecture Analyzer 是什么？

Extracts and analyzes YouTube lecture subtitles to identify key points, evidence, and actionable insights for review, writing, and teaching purposes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 423 次。

如何安装 Youtube Lecture Analyzer？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install youtube-lecture-analyzer」即可一键安装，无需额外配置。

Youtube Lecture Analyzer 是免费的吗？

是的，Youtube Lecture Analyzer 完全免费（开源免费），可自由下载、安装和使用。

Youtube Lecture Analyzer 支持哪些平台？

Youtube Lecture Analyzer 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Youtube Lecture Analyzer？

由 wallfacer-web（@wallfacer-web）开发并维护，当前版本 v1.0.0。