video-transcripts

Warn

Audited by Socket on Jun 22, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The core purpose is coherent: fetch videos from GitHub/Linear and transcribe them with Google's Gemini API. However, the skill expands scope by harvesting auth from local cookie stores, `gh auth token`, and even `~/.bash_profile`, which is broader than a clean API-key-only transcript helper. Data flows go to official domains rather than an attacker proxy, so this is not clearly malicious, but the credential-handling and local secret discovery make it medium risk.

Confidence: 84%
Severity: 63%
Audit Metadata
Analyzed At: Jun 22, 2026, 10:54 PM
Package URL: pkg:socket/skills-sh/udecode%2Fdotai%2Fvideo-transcripts%2F@ab1c179e1059756d9e2b400d5e08e05d9d34cbea1e09fc0805922ad3db4c7ee6