Yt Dlp Downloader

Security checks across malware telemetry and agentic risk

Overview

This video downloader has a clear purpose, but it needs review because it tells agents to routinely use browser login cookies and broad shell/network permissions.

Install only if you are comfortable with an agent running yt-dlp shell commands and creating downloaded files locally. Do not allow browser-cookie use unless you explicitly want the agent to use your logged-in browser session; prefer trying downloads without cookies first or using a dedicated browser profile/cookie file with limited scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: The skill directs use of `--cookies-from-browser`, which accesses local browser authentication material unrelated to the user-supplied URL. Even if intended to bypass YouTube 403 errors, this expands the data boundary from downloading a public resource to reading sensitive local session data, creating credential exposure and privacy risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding: The workflow instructs execution with broad shell permissions `['all', 'network']`, which exceeds the narrow need to download a file to a chosen directory. Overbroad permissions increase the blast radius if the command, URL handling, or surrounding automation is abused.

Missing User Warnings

Severity: High
Confidence: 95%
Finding: The skill recommends browser-cookie usage as standard practice for YouTube without warning the user that this may expose authenticated session tokens and other private account context. Omitting that warning undermines informed consent and can lead to sensitive local data being accessed unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The workflow tells the agent to perform networked shell downloads and file writes but does not require a user-facing warning about remote data transfer, local file creation, or possible follow-on processing. This weakens transparency and makes it easier to perform actions beyond the user's expected scope.

Ssd 3

Severity: High
Confidence: 96%
Finding: Reading browser cookies to support downloads exposes sensitive authenticated session data that goes beyond the requested video retrieval task. In an agent setting, normalizing this behavior can facilitate unintended credential access or reuse and creates a materially sensitive-data handling issue.

Ssd 3

Severity: High
Confidence: 94%
Finding: The workflow escalates from processing a user-provided URL to using broad permissions and browser-cookie access as routine operational guidance. This combination is dangerous because it couples sensitive local-data access with unrestricted execution, significantly increasing the harm possible from misuse or prompt/command manipulation.

Ssd 4

Severity: Medium
Confidence: 87%
Finding: The troubleshooting and best-practice sections repeatedly reinforce browser-cookie access as the normal answer to download failures. This conditions downstream agent behavior toward progressively more sensitive actions without equivalent safeguards, increasing the chance that cookie extraction becomes routine rather than exceptional.

VirusTotal

64/64 vendors flagged this skill as clean.