Skill v1.0.3
ClawScan security
Banner Youtube Translate Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 6:10 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description matches a YouTube→translation workflow, but the package lacks the referenced code and points to a local Windows/WSL script path and GUI automation steps that are not bundled — this mismatch and reliance on local desktop automation is concerning.
- Guidance: This skill's goal (YouTube → Doubao translation) is reasonable, but the package is inconsistent: it is instruction-only while its plugin metadata points to a local Windows/WSL script that is not bundled. Before installing or running, inspect the actual workflow.py at the stated path on the target machine and verify the four sub-skills (youtube-audio-download, doubao-launch, audio-play, doubao-capture) are trustworthy. Be cautious because the workflow uses GUI automation (can control the visible desktop) and reads/writes files under H:/ which could expose local data. If you don't control or trust the machine-local scripts, run this in a sandbox/VM, request the publisher to bundle the script or update the metadata to avoid local path dependencies, and require explicit explanations of what each referred sub-skill does (especially doubao-capture) before granting access.
Review Dimensions
- Purpose & Capability (concern): The name/description (download YouTube audio, run Doubao, capture translations) is plausible, but the package is instruction-only yet openclaw.plugin.json declares an entry at /mnt/h/AI/.../workflow.py that is not included. A distributed skill should either bundle its script or not claim a host-local entry. Reliance on local Windows paths (H:/) and WSL cross-calls is disproportionate for an instruction-only skill and implies it expects preinstalled local artifacts.
- Instruction Scope (note): SKILL.md restricts actions to four sub-skills (youtube-audio-download, doubao-launch, audio-play, doubao-capture) and describes expected outputs and paths. However, it instructs using Windows GUI automation (requires a visible desktop) and writing/reading specific Windows paths (/mnt/h/..., H:/works/), which grants access to the user's filesystem and desktop environment. The instructions also presume other skills exist but do not declare them as required tools.
- Install Mechanism (concern): There is no install spec (instruction-only), which is low risk, but the plugin metadata contains an 'entry' pointing to a local file path on the user's H: drive via WSL. Because the referenced workflow.py is not bundled, the skill as published expects and will reference arbitrary local code if invoked; this mismatch raises the risk that the agent will execute unreviewed local scripts.
- Credentials (note): The skill declares no required env vars or credentials (appropriate), but it mandates access to Windows filesystem paths (H:/works) and requires visible-desktop GUI automation. That level of filesystem and UI access is more privilege than a pure API-only translation task needs and could expose unrelated local data if the invoked local scripts or downstream skills are malicious.
- Persistence & Privilege (ok): 'always' is false, and there is no indication the skill requests persistent or elevated platform privileges or modifies other skills' configs. Autonomous invocation is allowed (platform default) but is not by itself a red flag.
