Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Youtube S3 Uploader

v3.0.3

Download videos from YouTube, Twitter/X, TikTok, Douyin, Bilibili and upload to S3-compatible storage. Universal video downloader with smart quality selectio...

0· 97·0 current·0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
!
Purpose & Capability
The package code and README implement a YouTube/universal video downloader that uploads to S3 (using @aws-sdk/client-s3 and js-yaml), which is consistent with the name and description. However, the registry metadata declares no required env vars, config paths or binaries, while SKILL.md and the source require Node >=18, yt-dlp and ffmpeg. More importantly, the code reads its configuration from a hard-coded workspace path (/home/node/.openclaw/workspace/.r2-upload.yml / .r2-upload.yml) while SKILL.md directs users to ~/.youtube-s3-uploader.yml. This mismatch is unexplained and unexpected for the declared purpose.
!
Instruction Scope
SKILL.md describes a local workflow that stores S3 credentials in a config file in the user's home. The actual scripts (video-to-s3-universal.js, youtube-to-s3.js, fixed-upload-video-to-s3.js) run shell commands (execSync/child_process.exec), call yt-dlp/ffmpeg and curl, and read/write files in hard-coded directories under /home/node/.openclaw/workspace and /home/node/.npm-global. The scripts will load S3 credentials from a specific path in the workspace rather than the home config shown in docs, meaning they may read credentials or other files from the agent workspace without an obvious prompt. These instructions broaden the agent's access beyond the simple download→upload flow described.
Install Mechanism
There is no formal install spec in the registry entry, but the package includes package.json and package-lock.json with npm dependencies (@aws-sdk/client-s3, js-yaml). The absence of an install mechanism in the metadata contrasts with the presence of Node code that must be installed and executed. No remote arbitrary downloads are present in the install spec, so risk from install sources is moderate, but the runtime expects external binaries (yt-dlp, ffmpeg) at hard-coded paths that the platform or agent may or may not provide; reviewers should resolve this mismatch.
!
Credentials
The skill metadata declares no required environment variables or config paths, yet the code requires S3 credentials (access_key_id, secret_access_key) and reads them from a YAML config. The code uses a default config path under the agent workspace (/home/node/.openclaw/workspace/.r2-upload.yml) rather than the documented ~/.youtube-s3-uploader.yml, creating a disproportionate and unexpected ability to access credentials stored in the agent workspace. The skill also expects binaries at fixed paths (/home/node/.npm-global/bin/yt-dlp, /home/node/.openclaw/workspace/ffmpeg), which is not declared.
!
Persistence & Privilege
The skill is not marked always:true, and does not explicitly request permanent presence. However, its code accesses the agent's workspace path (/home/node/.openclaw/workspace) and will read a config file there if present, giving it access to any credentials or data stored in that location. That ability to read workspace-scoped files is a meaningful privilege even without always:true and should be considered when granting the skill to an agent.
What to consider before installing
This skill appears to implement what it promises (downloading videos and uploading to S3), but there are several red flags you should address before installing or running it:

- Inconsistent config locations: the documentation asks you to create ~/.youtube-s3-uploader.yml, but the scripts load /home/node/.openclaw/workspace/.r2-upload.yml by default. If the agent platform keeps a config or credentials in its workspace, the skill may read and use them without your explicit intent.
- Hidden, hard-coded paths: the code expects yt-dlp, ffmpeg, and a downloads/config directory at fixed locations under /home/node/.npm-global and /home/node/.openclaw/workspace. Confirm where these binaries live in your environment and whether those directories contain sensitive files.
- Undeclared secrets: the registry metadata says no environment variables are required, but the tool needs S3 access keys (in a config file). Treat them as a required secret, and do not store unrelated credentials in the workspace path the script reads.
- Shell execution and network calls: the scripts execute external commands (yt-dlp, ffmpeg, curl) and contact the S3 endpoints you configure. Review the code paths that build shell commands to make sure they cannot be turned into command injection in your usage patterns (for example, if the CLI is ever called with untrusted URLs).

Practical steps before using:

1. Inspect and, if needed, edit the scripts to point at a config file you control (e.g., ~/.youtube-s3-uploader.yml) rather than the hard-coded /home/node/.openclaw/workspace path.
2. Run the tool in an isolated environment or container with a dedicated S3 account (least-privilege permissions) and non-production keys to verify its behavior.
3. Ensure yt-dlp and ffmpeg are installed in safe, known locations and update the paths in the scripts accordingly.
4. Review FixedS3Uploader.loadConfig and related code to confirm it reads only the expected config file and does not traverse other workspace directories.
5. If you store other sensitive credentials in the agent workspace, avoid installing this skill until the config-path mismatch is fixed.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/fixed-upload-video-to-s3.js:272
Shell command execution detected (child_process).
scripts/video-to-s3-universal.js:98
Shell command execution detected (child_process).
scripts/youtube-to-s3.js:69
Shell command execution detected (child_process).

Like a lobster shell, security has layers — review code before you run it.

latest: vk97bag8wj648wexh6za4db1aq983qy9w

Runtime requirements

🌐→☁️ Clawdis
OS: Linux · macOS
