youtube-tools

[Skill Scanner] Installation of third-party script detected This skill is consistent with its stated purpose (local YouTube downloads and transcript/metadata extraction using yt-dlp). I found no evidence of hidden network exfiltration, third-party credential forwarding, or obfuscated/malicious code in the provided text. The primary security considerations are standard supply-chain risk from installing yt-dlp and the sensitive nature of optional browser cookie usage for private or age-restricted content. Those behaviours are documented and expected for the feature set, but they warrant caution and code review of the scripts to confirm the documented safety controls are actually enforced. LLM verification: No direct malicious code or backdoor is present in the provided documentation fragment. Primary concerns are supply-chain and local-privacy risks: unpinned/unchecked installation of yt-dlp and ffmpeg, and the optional reading of browser cookies which can expose sensitive credentials. These are moderate risks that can be mitigated by version pinning, integrity verification, and explicit user warnings and protections around cookie usage and file outputs.