Yt Dlp

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a straightforward yt-dlp video downloader wrapper, but users should review commands carefully when using browser cookies, broad options, or external installs.

Before installing, make sure yt-dlp and ffmpeg come from trusted sources. Use a dedicated download folder, review large playlist/channel requests, and avoid --cookies-from-browser unless you specifically need authenticated access; a manually exported cookies file is safer.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved, the agent may use your browser login state to access or download content from sites where you are signed in.

Why it was flagged

The skill discloses optional use of browser cookies, which can let yt-dlp act with the user's logged-in account session. This is purpose-aligned for authenticated media access and includes cautionary guidance, but it is sensitive authority.

Skill content

Use Cookies (for age-restricted/premium content): ... scripts/download.sh "URL" --cookies-from-browser chrome ... For autonomous agents, prefer exporting a cookies.txt file manually to limit access to your active browser session.

Recommendation

Only allow cookie use for specific, intended downloads. Prefer a manually exported, scoped cookies.txt file over direct access to an active browser profile.

What this means

A broad playlist/channel download or an unexpected output path could create many files, overwrite intended locations, or consume disk space.

Why it was flagged

The wrapper forwards arbitrary supplied arguments to yt-dlp. That broad CLI passthrough is expected for this tool, but users should understand that options can affect download scope, output paths, and resource use.

Skill content

DEFAULTS="--embed-metadata --embed-thumbnail --embed-subs --sub-langs all --merge-output-format mp4" ... "$YT_DLP" $DEFAULTS "$@"

Recommendation

Run the skill in a dedicated download directory and review URLs, options, and output paths before approving large or authenticated downloads.

What this means

The downloader binary you install will execute locally and its behavior depends on the external package or release you choose.

Why it was flagged

The guide documents installing the latest external yt-dlp binary with sudo. It points to the official project, but the version is unpinned and the installed binary is outside the reviewed skill artifacts.

Skill content

sudo curl -L https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp -o /usr/local/bin/yt-dlp

Recommendation

Install yt-dlp and ffmpeg from trusted package managers or verified releases, and consider pinning versions or checking signatures/checksums.