Skill v1.0.1

ClawScan security

Yt Dlp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 12, 2026, 11:53 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose — it's an instruction-level wrapper around yt-dlp with no unexpected credential or install demands — though there are a couple of small documentation/packaging gaps you should be aware of before running it.
Guidance
This skill is a thin wrapper around yt-dlp and appears coherent. Before installing/using it: 1) ensure yt-dlp and ffmpeg are installed from official sources (pip, your OS package manager, or official GitHub releases) instead of running random curl|sh installers; 2) inspect the bundle (especially scripts/download.sh) — it attempts to use a .venv yt-dlp if present and otherwise calls system yt-dlp; 3) be cautious with cookies: using --cookies-from-browser can expose browser session cookies — prefer exporting a cookies.txt file and review it; 4) note a minor packaging gap: the script mentions 'scripts/setup' but that file is not included, so the script may fail if yt-dlp isn't already available. If you plan to let an autonomous agent use this skill, explicitly restrict use of browser cookies and confirm you trust the agent to run local commands that may write files to your download directory.

Review Dimensions

Purpose & Capability
ok
Name/description match the included files: docs plus a simple wrapper script that calls yt-dlp and ffmpeg. Requested capabilities (download, format selection, metadata, cookies) align with what yt-dlp provides; no unrelated services or privileges are requested.
Instruction Scope
note
SKILL.md and references stay on-topic and only instruct use of yt-dlp/ffmpeg and the wrapper script. The wrapper does not read arbitrary files or network endpoints beyond yt-dlp's normal behavior. Note: the script warns to run 'scripts/setup' if yt-dlp isn't found, but no scripts/setup file is included in the bundle — this is a packaging/documentation gap (not evidence of exfiltration).
Install Mechanism
ok
No install spec in the registry (instruction-only), which minimizes automatic disk writes. The docs recommend installing yt-dlp via pip or package managers and warn against untrusted curl|sh installers. The included references even show a GitHub release URL (a normal source).
Credentials
ok
The skill requires no environment variables, no credentials, and no config paths. The docs caution about cookie use (which is appropriate) but do not attempt to access browser secrets themselves. This is proportionate to a downloader wrapper.
Persistence & Privilege
ok
always is false and model invocation/autonomy is default. The skill does not request permanent presence or modify other skills. No elevated privileges or system-wide config modifications are attempted.