Skill v1.0.1
ClawScan security
Youtube Hq Downloader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 2, 2026, 4:08 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and docs match its stated purpose (download and merge via yt-dlp and ffmpeg), but a few implementation choices (shell invocation with unescaped user input, automatic pip installs, and sourcing another skill's venv) are disproportionate to that purpose or raise risk, and deserve review before running.
- Guidance: This skill appears to do what it says (download and merge YouTube video/audio), but take precautions before running it:
  1. Inspect the code yourself (download.py and download.sh) and confirm you trust the yt-dlp package source.
  2. Run the scripts inside an isolated environment (container or VM) rather than as your main user.
  3. Do not pass untrusted or remote-provided URLs without validating them: the scripts interpolate the URL into shell command strings (subprocess.run with shell=True, and the bash script), which allows command injection if an attacker controls the URL.
  4. Note that the shell script may source another skill's virtualenv ($HOME/clawd/skills/video-subtitles/.venv); verify that venv's contents before allowing it to be sourced.
  5. To harden: call subprocess.run with an argument list (no shell=True) or shlex.quote the inputs, and prefer to pip-install packages manually into an isolated venv.
  Also consider the copyright and legal issues of downloading YouTube content.
Review Dimensions
- Purpose & Capability (note): Name and description match the included scripts: download.py and download.sh invoke yt-dlp and ffmpeg to fetch the highest-quality video and audio streams and merge them. Requiring yt-dlp and ffmpeg (installed at runtime or provided by the system) is coherent with that purpose. One minor oddity: download.sh checks for and sources a virtualenv from another skill's path ($HOME/clawd/skills/video-subtitles/.venv), which is not needed for this skill's stated purpose and is unexpected.
- Instruction Scope (concern): SKILL.md and the scripts instruct the agent or user to create a venv, pip-install yt-dlp, and run shell commands. The Python and shell scripts call external commands through a shell and interpolate user-controlled URL and filename values directly into the command strings (subprocess.run(..., shell=True) and the bash script). This is a command-injection risk whenever the input is untrusted. The scripts do not read unrelated system config or environment secrets, but sourcing another skill's venv runs that skill's activate script, whatever it contains.
- Install Mechanism (note): There is no formal install spec; at runtime the scripts pip-install yt-dlp into a local venv if it is not already present. Installing from PyPI is common for this use case but is a higher-risk install vector than a reviewed system package; users should verify the package and run installs in an isolated environment. There are no downloads from unknown URLs and no extract steps.
- Credentials (ok): The skill does not request any environment variables, credentials, or config paths. The only file-path interactions are creating an output directory and optionally sourcing a venv. The requested access is proportionate to the stated function.
- Persistence & Privilege (note): always:false and no modifications to global agent config, which is reasonable. The shell script creates and reuses a .venv inside the skill directory (normal), but it may also source a different skill's virtualenv if present, which lets it execute code from that other skill's environment at runtime (unexpected and worth checking).
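The command-injection finding in the Guidance and Instruction Scope sections above, shown as an added example (this is illustrative code, not the skill's own download.py): the flagged pattern (the URL interpolated into a shell=True command string) next to the two hardened forms the review recommends (an argument list, or shlex.quote). The malicious URL, the benign URL, and the host allowlist are constructed for the demo; `echo` stands in for yt-dlp so it runs offline, and the `--` before the URL in the real argv assumes yt-dlp's optparse-based CLI ends option parsing at `--`.

```python
"""Command-injection demo: URL pasted into a shell string versus passed as one
argv element. 'echo' stands in for yt-dlp so the demo runs offline."""
import shlex
import subprocess
from pathlib import Path
from urllib.parse import urlsplit

# Constructed attacker-controlled input (not a real video URL): a shell
# metacharacter payload appended to what looks like a watch URL.
MALICIOUS_URL = "https://example.invalid/watch?v=abc; echo PWNED"
BENIGN_URL = "https://www.youtube.com/watch?v=abc123"  # constructed, not a real video

# Host allowlist is an assumption for this example; adjust to the sites you intend to support.
ALLOWED_HOSTS = {"www.youtube.com", "youtube.com", "m.youtube.com", "youtu.be"}


def run_vulnerable(url: str) -> str:
    """The flagged pattern: shell=True with the URL interpolated into the command line.
    The shell splits on ';' and runs the attacker's second command."""
    return subprocess.run(f"echo {url}", shell=True, capture_output=True, text=True).stdout


def run_hardened(url: str) -> str:
    """Argument list, no shell: the whole URL reaches the program as a single argv
    entry, so ';', '$', backticks and friends are just characters."""
    return subprocess.run(["echo", url], capture_output=True, text=True).stdout


def run_quoted(url: str) -> str:
    """If a shell string is unavoidable, shlex.quote turns the URL into one shell word."""
    return subprocess.run(f"echo {shlex.quote(url)}", shell=True,
                          capture_output=True, text=True).stdout


def is_allowed_url(url: str) -> bool:
    """Accept only https URLs on an allowlisted host, with no whitespace or control
    characters (defence in depth for the bash script, where an unquoted $URL would
    still be word-split by the shell)."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def build_download_argv(url: str, out_dir: str) -> list[str]:
    """The download step as an explicit argv list. '--' ends option parsing so a URL
    beginning with '-' cannot be read as a yt-dlp option (assumption: yt-dlp honours
    '--' like other optparse CLIs; verify against the version you install)."""
    if not is_allowed_url(url):
        raise ValueError(f"refusing to download from {url!r}")
    template = str(Path(out_dir) / "%(title)s.%(ext)s")  # yt-dlp output template
    return ["yt-dlp", "-f", "bestvideo+bestaudio", "--merge-output-format", "mp4",
            "-o", template, "--", url]


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(MALICIOUS_URL)))  # payload executes
    print("hardened:  ", repr(run_hardened(MALICIOUS_URL)))    # payload is inert
    print("quoted:    ", repr(run_quoted(MALICIOUS_URL)))      # payload is inert
    print(build_download_argv(BENIGN_URL, "downloads"))
    try:
        build_download_argv(MALICIOUS_URL, "downloads")
    except ValueError as exc:
        print("rejected:", exc)
```

The same fix applies to download.sh: quote every expansion (`"$URL"`, `"$OUT_DIR"`) and pass `--` before the URL, and never build the command with unquoted variables. The host allowlist goes a step beyond the review's guidance; it also protects the bash path, where quoting alone still lets a URL starting with `-` be parsed as an option.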
