Skill v1.0.0

ClawScan security

music-manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 7:43 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent for a local music downloader: the script invokes yt-dlp and ffmpeg to fetch and convert audio, and the documentation matches the code. Two points deserve attention: it asks you to enable browser cookie extraction (sensitive), and it assumes you will install third-party tools yourself.
Guidance
This skill appears to do what it claims: it runs a local Python script that calls yt-dlp to download and ffmpeg to convert audio. Before installing or running it, consider:

1. Browser cookies: enabling cookie extraction (BROWSER set to e.g. 'chrome') makes yt-dlp read the session cookies stored in that browser profile. Only enable this if you understand the privacy risk and trust the yt-dlp build on your machine; leave BROWSER unset for public content.
2. Installation source: follow the official install instructions for yt-dlp and ffmpeg (official releases or your package manager) rather than untrusted downloads.
3. MUSIC_DIR: set MUSIC_DIR to a dedicated directory you control, so that downloads cannot overwrite important files.
4. Platform: SKILL.md uses brew (macOS); adapt the install commands for Linux/Windows as appropriate.
5. Legality: downloading copyrighted content may violate a site's terms or the law in your jurisdiction; make sure you have rights to the media you fetch.

If you want extra caution, run the script in an isolated environment (VM/container) and avoid enabling cookie extraction unless necessary.
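To make points (1) and (3) concrete, here is an added example of how a cautious local downloader would assemble its yt-dlp command line and how a reviewer can audit any such command before letting it run. It is not the music-manager skill's own script: the option names (`--cookies-from-browser`, `--cookies`, `--netrc`, `--exec`, `--extract-audio`, `--output`) are real yt-dlp options, but the function names, the MUSIC_DIR policy and the MUSIC_DIR/category layout are assumptions made for this example.

```python
"""Build a yt-dlp argv for one audio download and audit argv for sensitive options.

Added example, not the music-manager skill's code. Assumes MUSIC_DIR and
BROWSER are passed in (the skill sets them by editing the script) and that
files are saved under MUSIC_DIR/<category>/.
"""
import shlex
from pathlib import Path
from typing import List, Optional, Tuple

# Real yt-dlp options a reviewer should flag before running a script that uses
# them. Value: (takes_an_argument, why it is sensitive).
SENSITIVE_OPTIONS = {
    "--cookies-from-browser": (True, "reads session cookies out of a browser profile"),
    "--cookies": (True, "loads (and may rewrite) a Netscape cookie file"),
    "--username": (True, "sends an account name"),
    "--password": (True, "sends an account password"),
    "--netrc": (False, "reads credentials from ~/.netrc"),
    "--exec": (True, "runs an arbitrary shell command after download"),
}


def safe_category_dir(music_dir: str, category: str) -> Path:
    """Resolve MUSIC_DIR/category, refusing locations a downloader should not write.

    Policy (an assumption for this example): MUSIC_DIR must be a dedicated
    directory (not $HOME itself, not the filesystem root), and the category
    must stay inside it, so a name such as '../Documents' cannot escape.
    """
    if not category or category in (".", ".."):
        raise ValueError("category must be a non-empty directory name")
    base = Path(music_dir).expanduser().resolve()
    if base == Path.home().resolve() or base == Path(base.anchor):
        raise ValueError(f"refusing to use {base} as MUSIC_DIR")
    target = (base / category).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise ValueError(f"category {category!r} escapes MUSIC_DIR") from None
    if target == base:
        raise ValueError("category must not resolve to MUSIC_DIR itself")
    return target


def build_ytdlp_args(url: str, music_dir: str, category: str,
                     browser: Optional[str] = None) -> List[str]:
    """Return argv for one download.

    --cookies-from-browser is appended only when `browser` is set, so leaving
    BROWSER empty keeps yt-dlp away from the browser's cookie store entirely.
    """
    out_dir = safe_category_dir(music_dir, category)
    args = [
        "yt-dlp",
        "--no-playlist",                 # one URL, one file
        "--extract-audio",               # hand the stream to ffmpeg
        "--audio-format", "mp3",
        "--output", str(out_dir / "%(title)s.%(ext)s"),
    ]
    if browser:
        args += ["--cookies-from-browser", browser]
    args.append(url)
    return args


def sensitive_options(argv: List[str]) -> List[Tuple[str, str, str]]:
    """Return (option, value, reason) for every sensitive option in argv.

    Accepts both '--opt value' and '--opt=value'. Run it over the command a
    script is about to execute (or prints in a dry run) before approving it.
    """
    found = []
    i = 0
    while i < len(argv):
        name, eq, inline = argv[i].partition("=")
        if name in SENSITIVE_OPTIONS:
            takes_value, reason = SENSITIVE_OPTIONS[name]
            value = ""
            if takes_value:
                if eq:
                    value = inline
                elif i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                    value = argv[i + 1]
                    i += 1
            found.append((name, value, reason))
        i += 1
    return found


def render(argv: List[str]) -> str:
    """Shell-quoted form of argv, for showing the user what would run."""
    return shlex.join(argv)


if __name__ == "__main__":
    # Constructed dry-run input; nothing is downloaded.
    cmd = build_ytdlp_args("https://www.youtube.com/watch?v=example",
                           "~/Music/managed", "jazz", browser="chrome")
    print(render(cmd))
    for opt, val, why in sensitive_options(cmd):
        print(f"WARNING {opt} {val}: {why}")
```

The same `sensitive_options` check applies to any command a skill's script assembles: print the argv in a dry run, scan it, and treat a non-empty result as a prompt to confirm that the cookie, credential or `--exec` use is really needed.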

Review Dimensions

Purpose & Capability
ok · Name/description (download music from YouTube/Bilibili, convert to MP3, save by category) matches the included script and instructions. The script constructs yt-dlp arguments, writes files into a user-configurable MUSIC_DIR, and optionally uses browser cookies for logged-in downloads, all coherent with the stated purpose.
Instruction Scope
note · SKILL.md instructs editing the script to set MUSIC_DIR and optionally enabling cookie extraction from the local browser. That scope is expected for this task, but the cookie-extraction step is sensitive because it causes yt-dlp to read browser cookies (session tokens) from the user's browser profiles. The instructions also assume macOS-style install commands (brew) and do not provide alternatives for other OSes.
Install Mechanism
ok · There is no install spec for the skill itself (instruction-only plus a small Python script). The README suggests using brew to install yt-dlp and ffmpeg, which is a normal, low-risk recommendation, though platform-specific. The skill does not download or execute remote code itself.
Credentials
ok · The skill does not request environment variables or external credentials. The only sensitive capability is optional browser cookie extraction (triggered by setting BROWSER), which is proportionate for accessing age-restricted/private content but should be considered sensitive because it exposes browser session cookies to yt-dlp.
Persistence & Privilege
ok · The skill is not always-enabled and can only be invoked by the user or the agent per normal rules. It does not request persistent system privileges or modify other skills/configuration.