Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Yt Dlp Downloader

v0.1.0

Download videos from YouTube, Bilibili, Twitter, and thousands of other sites using yt-dlp. Use when the user provides a video URL and wants to download it, extract audio (MP3), download subtitles, or select video quality. Triggers on phrases like "下载视频", "download video", "yt-dlp", "YouTube", "B站", "抖音", "提取音频", "extract audio".

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description align with the runtime instructions (building yt-dlp commands for downloads, audio extraction, subtitles, quality selection). However the metadata omits expected requirements: the SKILL.md clearly requires yt-dlp and ffmpeg (and access to browser cookies for YouTube), yet no required binaries or config paths are declared. The source/homepage is unknown, which reduces traceability.
Instruction Scope
SKILL.md instructs the agent to construct and execute shell commands (yt-dlp, ffmpeg, pip/brew) and explicitly to use --cookies-from-browser (chrome). That implies reading browser cookie stores and writing downloaded files to user directories. The instructions also include an explicit directive to execute the download using a Shell tool with required_permissions: ["all","network"], which grants broad file and network access. Reading browser cookies and running arbitrary shell installs/commands are outside a minimal 'download helper' scope unless the user explicitly consents and the skill declares the access.
Install Mechanism
This is an instruction-only skill so nothing is written during install (low install-time risk). The guide recommends runtime package installs (pip install yt-dlp, brew install ffmpeg). That means the agent (or user) may be asked to install third-party packages at runtime — expected for this functionality, but installation commands modify system state and should be run intentionally by the user, not silently by an agent.
Credentials
No environment variables or credentials are declared, which is good. But the instructions require access to browser cookies (sensitive data) and file system write locations (~/Downloads/yt-dlp) without declaring required config paths or prompting for explicit consent. The SKILL.md's recommendation to use cookies-from-browser could expose many unrelated site cookies; this is disproportionate unless clearly authorized by the user.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable (normal). However the instructions call for shell execution with broad permissions and network access; if the agent invokes this skill autonomously, that increases the potential blast radius. This is not an automatic disqualifier, but you should ensure the agent prompts before running installs, accessing cookies, or writing files.
What to consider before installing
This skill appears to do what it claims (yt-dlp downloads) but the runtime instructions request sensitive actions that are not reflected in the metadata: it tells the agent to run shell commands, install packages, write files, and (for YouTube) extract browser cookies. Before installing or enabling the skill:
1) Only allow it to run when you explicitly approve each download/install; do not grant blanket 'all' permissions.
2) Prefer installing yt-dlp and ffmpeg yourself and decline automatic installs.
3) Be cautious about using --cookies-from-browser: it can expose browser cookies for many sites; if you don't want that, avoid or refuse that option.
4) Ask the publisher to declare required binaries/config paths in metadata and to remove the instruction that requests blanket required_permissions; if the author cannot explain why cookie access and wide shell permissions are needed, treat the skill as risky.
5) Consider running downloads manually if you are unsure about the skill or the unknown source.

