← 返回 Skills 市场
chapati23

Youtube Summary

作者 chapati · GitHub ↗ · v1.3.2
cross-platform ⚠ suspicious
613
总下载
0
收藏
1
当前安装
7
版本数
在 OpenClaw 中安装
/install yt-summary
功能描述
Summarize any YouTube video by dropping the link in chat. Supports custom prompts — paste the URL followed by your instructions (e.g. 'focus on the technical...
安全使用建议
This skill appears coherent and is likely safe to install for its stated purpose, but consider the following before using it: - TranscriptAPI.com will receive the video identifier and return transcripts; ensure you trust that service and understand its privacy/cost model (the README mentions a $5/mo plan). Transcripts (which may contain copyrighted or private content) are printed as JSON and then sent to your agent/LLM for summarization — avoid feeding sensitive videos unless you accept that exposure. - Store TRANSCRIPT_API_KEY securely (using the suggested 'pass' workflow or environment variable). The skill warns environment variables can be visible; using --api-key-file with a temp file reduces exposure in process listings. - Install Python deps in a virtual environment (pip install -r requirements.txt). The code calls the 'yt-dlp' binary as a fallback; ensure yt-dlp is available in your environment if you want metadata fallback to work. - The code defaults to English for transcript language detection; summaries will follow that value. If you need stronger guarantees about language detection or transcript integrity, review the extract.py implementation. - The SKILL.md prohibits fallback web_search and forbids fabricating transcripts; those are good safety constraints — verify the agent follows them. If you need anything changed (e.g., explicit declaration of yt-dlp as a required binary, different transcript provider, or not transmitting full transcripts to the model), ask the skill author or audit the runtime to implement that behavior.
功能分析
Type: OpenClaw Skill Name: yt-summary Version: 1.3.2 The skill is classified as suspicious primarily due to its explicit support for 'custom prompts' which allows direct prompt injection against the underlying Large Language Model (LLM). While this is an advertised feature for customizing summaries, it represents a significant risk where a user could instruct the LLM to generate harmful content or attempt to bypass its safety mechanisms. Additionally, the `SKILL.md` file instructs the agent to execute shell commands with user-controlled input (`YOUTUBE_URL_OR_ID`). Although the `scripts/extract.py` and `scripts/utils.py` files implement robust sanitization (via `extract_video_id`) to mitigate shell injection risks, the pattern of passing unsanitized user input directly into a shell command is a design that could be vulnerable if the sanitization were ever weakened or bypassed. There is no evidence of intentional malicious behavior such as data exfiltration or backdoors.
能力评估
Purpose & Capability
Name/description match the implementation: the skill extracts transcripts (TranscriptAPI.com) and summarizes them. The single declared credential (TRANSCRIPT_API_KEY) is exactly the API key used to call TranscriptAPI. The skill requires python3 and Python packages (requests, yt-dlp) which are reasonable for this task. Minor note: the manifest lists only python3 as a required binary even though the code invokes the 'yt-dlp' executable (provided by the yt-dlp package); this is an implementation/packaging detail, not a functional mismatch.
Instruction Scope
SKILL.md explicitly instructs the agent to run the included extract.py and to never fabricate transcripts or fall back to web_search. The script only reads the API key (from env or an api-key file) and the provided YouTube URL; it makes HTTP requests to YouTube oEmbed and TranscriptAPI and may call yt-dlp as a fallback. The script prints the full transcript as JSON on stdout (RESULT: ...), which will be consumed by the agent/LLM — be aware that full transcript text is transmitted to the model during summarization (privacy/copyright consideration). No instructions ask the agent to read unrelated files or credentials.
Install Mechanism
This is instruction-first (no automated install spec). It requires pip-installing requirements.txt (requests, yt-dlp) from PyPI — a standard, reasonable approach. There are no downloads from untrusted URLs or archive extraction. Users should run pip install in a controlled virtual environment.
Credentials
Only TRANSCRIPT_API_KEY is required and is used by the extraction script. The README/SKILL.md suggests an optional 'pass' workflow for secure key retrieval; that is optional and consistent with the stated purpose. No other unrelated secrets or system config paths are requested.
Persistence & Privilege
always is false and the skill does not request permanent system-wide privileges. It does not modify other skills or system-wide config. Autonomous invocation is enabled (platform default) but not combined with other concerning flags.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install yt-summary
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /yt-summary 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.2
Rewrite README: remove all fallback/proxy/youtube-transcript-api references. Docs now 100% consistent with shipped code. Single path: TranscriptAPI via env var or pass.
v1.3.1
Fix manifest/runtime mismatch: extract.py now reads TRANSCRIPT_API_KEY env var (matching declared primaryEnv). pass is optional. Both credential methods documented.
v1.3.0
Remove library fallback (youtube-transcript-api) and proxy code — TranscriptAPI is the single canonical path. Proper metadata.openclaw.requires with primaryEnv. Remove REVIEW.md. Sanitize error messages. Tighten video ID validation. Clean single-path docs.
v1.2.1
Fix ClawHub scanner: use correct metadata.openclaw.requires format with primaryEnv, declare bins/env, remove REVIEW.md containing old insecure examples
v1.2.0
Fix ClawHub scanner findings: declare requires.env (TRANSCRIPT_API_KEY), requires.bin (pass, python3), document optional YT_PROXY_URL
v1.1.1
Added README, LICENSE, cleaned up SKILL.md, removed internal review doc
v1.1.0
Initial ClawHub release: TranscriptAPI-powered YouTube summarization with custom prompts, datacenter IP bypass, and library fallback
元数据
Slug yt-summary
版本 1.3.2
许可证
累计安装 1
当前安装数 1
历史版本数 7
常见问题

Youtube Summary 是什么?

Summarize any YouTube video by dropping the link in chat. Supports custom prompts — paste the URL followed by your instructions (e.g. 'focus on the technical... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 613 次。

如何安装 Youtube Summary?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install yt-summary」即可一键安装,无需额外配置。

Youtube Summary 是免费的吗?

是的,Youtube Summary 完全免费(开源免费),可自由下载、安装和使用。

Youtube Summary 支持哪些平台?

Youtube Summary 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Youtube Summary?

由 chapati(@chapati23)开发并维护,当前版本 v1.3.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论