Youtube Hq Downloader
v1.0.1Youtube Highest Quality Downloader - Download highest quality silent video and pure audio from YouTube, then merge into video with sound
⭐ 0· 382·0 current·0 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the included scripts: download.py and download.sh invoke yt-dlp and ffmpeg to fetch highest-quality video and audio and merge them. Requiring yt-dlp and ffmpeg (installed at runtime or system) is coherent. One minor oddity: download.sh checks and sources a virtualenv from another skill path ($HOME/clawd/skills/video-subtitles/.venv), which is not necessary for this skill's stated purpose and is unexpected.
Instruction Scope
SKILL.md and scripts instruct the agent/user to create a venv and pip-install yt-dlp and to run shell commands. The Python and shell scripts call external commands via shell execution and interpolate user-controlled URL/filename values directly into shell command strings (subprocess.run(..., shell=True) and shell scripts). This creates a command-injection risk if input is untrusted. The scripts do not read unrelated system config or environment secrets, but sourcing another skill's venv could execute arbitrary activation scripts from that other skill.
Install Mechanism
There is no formal install spec; the runtime behavior installs yt-dlp into a local venv via pip if not present. Installing from PyPI is common for this use-case but is a higher-risk install vector than using a reviewed system package; users should verify the package and run installs in an isolated environment. No downloads from unknown URLs or extract steps are present.
Credentials
The skill does not request any environment variables, credentials, or config paths. The only file-path interaction is creating an output directory and optionally sourcing a venv. Requested access appears proportionate to the stated function.
Persistence & Privilege
always:false and no modifications to global agent config—reasonable. However, the shell script will create and reuse a .venv inside the skill directory (normal), and it may source a different skill's virtualenv if present, which gives it the ability to execute code from that other skill's environment during runtime (unexpected and worth checking).
What to consider before installing
This skill appears to do what it says (download and merge YouTube video/audio) but take precautions before running: 1) Inspect the code yourself (download.py and download.sh) and confirm you trust the yt-dlp package source. 2) Run the scripts inside an isolated environment (container or VM) rather than as your main user. 3) Do not pass untrusted/remote-provided URLs without sanitizing: the scripts interpolate the URL into shell commands (subprocess.run with shell=True and the bash script), which can allow command injection if an attacker controls the URL. 4) Note the shell script may source another skill's virtualenv ($HOME/clawd/skills/video-subtitles/.venv); verify that venv's contents before allowing it to be sourced. 5) To harden: use subprocess.run with argument lists (no shell=True) or shlex.quote inputs, and prefer to pip-install packages into an isolated venv manually. Also consider copyright/legal issues when downloading YouTube content.Like a lobster shell, security has layers — review code before you run it.
latest
YouTube Highest Quality Downloader
Download the highest quality silent video and pure audio from YouTube, then merge into a video with sound using ffmpeg. 从YouTube下载视频的最高清无声版本和纯音频,然后使用ffmpeg合并为有声视频。
Features / 功能
- 🎬 Download highest quality silent video from YouTube (bestvideo) / 下载YouTube视频最高清无声版本
- 🎵 Download pure audio from YouTube (bestaudio) / 下载YouTube视频纯音频
- 🔧 Merge video and audio using ffmpeg / 使用ffmpeg合并视频和音频
- 🖥️ Runs independently, no dependencies on other skills / 独立运行,无需依赖其他技能
Usage / 使用方法
Quick Start
# Run the download script directly
python3 ~/clawd/skills/youtube-hq-downloader/download.py "YouTube_URL" [output_directory]
Full Workflow
# 1. Enter the skill directory
cd ~/clawd/skills/youtube-hq-downloader
# 2. Create virtual environment (first run)
python3 -m venv .venv
source .venv/bin/activate
pip install yt-dlp
# 3. Run download and merge
python3 download.py "https://www.youtube.com/watch?v=xxxxx"
# Or run step by step manually
./download.sh "YouTube_URL"
Manual Commands
# Activate environment
cd ~/clawd/skills/youtube-hq-downloader
source .venv/bin/activate
# Download video (highest quality, silent)
yt-dlp -f "bestvideo[ext=mp4]" "YouTube_URL" -o "%(title)s_video.%(ext)s"
# Download audio
yt-dlp -x --audio-format m4a "YouTube_URL" -o "%(title)s_audio.%(ext)s"
# Merge video and audio
ffmpeg -i "*.mp4" -i "*.m4a" -c:v copy -c:a aac -shortest "output.mp4" -y
Parameters / 参数说明
yt-dlp Video Download
-f "bestvideo": Download highest quality video format (may be WebM or MP4)- Output template:
%(title)s_video.%(ext)s
yt-dlp Audio Download
-x: Extract audio--audio-format m4a: Output as M4A format
ffmpeg Merge
-i "video.mp4" -i "audio.m4a": Input files-c:v copy: Copy video stream, no re-encoding-c:a aac: Convert audio to AAC encoding-shortest: Use shorter duration-y: Overwrite output file
Dependencies / 依赖
- ffmpeg: Video processing tool (macOS:
brew install ffmpeg) - Python 3.8+: Runtime environment
- yt-dlp: Will be auto-installed on first run
Auto Install / 自动安装
The script will automatically detect and use system-installed yt-dlp. If not found:
# Manual install yt-dlp
pip install yt-dlp
# Or use uv
pip install uv && uv pip install yt-dlp
FAQ / 常见问题
Q: Downloaded video has no sound?
A: This is normal. Using bestvideo only downloads the video track. You need to download audio separately and merge.
Q: Video resolution is too low?
A: YouTube may have regional or quality restrictions on certain videos. Try other formats like best instead of bestvideo.
Q: ffmpeg error "No such file"?
A: Make sure ffmpeg is installed: brew install ffmpeg
Q: How to specify output directory?
A: Pass the second parameter as output directory when running the script, or modify the OUTPUT_DIR variable in the script.
Comments
Loading comments...