Skill v1.0.0
ClawScan security
YouTube Archiver · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 5:02 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and configuration are consistent with its stated purpose of archiving YouTube playlists into markdown and optionally calling LLM providers; no evidence of hidden endpoints or unexplained credential requests was found, but it legitimately requires access to browser cookies and optional API keys for summaries which are sensitive and should be granted deliberately.
- Guidance: This skill appears to do what it says, but it legitimately needs sensitive access in two places: (1) browser cookie access to fetch private playlists (on macOS the terminal may need Full Disk Access to read Chrome cookies) and (2) optional API keys for summaries/tags (the skill will read the env var name you place in .config.json). Before installing or running: review the scripts locally (they are included), prefer exporting cookies to a cookies.txt file rather than granting broad Full Disk Access when possible, run a dry-run first, and only provide API env var names that you intend the skill to use (avoid reusing env var names holding unrelated secrets). If you want to avoid remote providers, set provider to "none" or use a local provider such as Ollama. If you are uncertain, run the scripts in an isolated environment (container or VM) and inspect network activity during an initial run.
Review Dimensions
- Purpose & Capability (ok): Name/description match the implementation: scripts import playlists (yt-dlp), create markdown notes, add transcripts, and optionally call LLM providers for summaries/tags. The README, SKILL.md, and scripts reference the same workflow and configuration keys (playlists, browser, cookies_file, provider blocks). Requiring browser cookies / yt-dlp is coherent for private-playlist support.
- Instruction Scope (note): Runtime instructions ask the agent/user to run the provided Python scripts, set an output directory, and (optionally) provide API provider config. They also instruct using browser cookie access (or cookies.txt export) to authenticate to YouTube and to grant macOS Full Disk Access to read Chrome cookies. That is within scope for importing private playlists, but it is a sensitive operation (accessing browser cookie stores). The instructions are explicit rather than open-ended (they don't instruct sweeping system enumeration).
- Install Mechanism (ok): No install spec; this is an instruction + script bundle. It uses yt-dlp (external dependency) and Python stdlib only. Not pulling code from arbitrary URLs or adding system-wide installers. Risk level is typical for a script-based skill that expects local dependencies to be present.
- Credentials (note): The skill declares no required environment variables, which matches the metadata. The configuration supports optional API provider keys via an api_key_env name (e.g., OPENAI_API_KEY). This is proportional: summaries/tags require provider keys, but the agent will only use environment variables whose names the user supplies in config. Be aware that the skill will read whichever env var name you place in .config.json, so do not point it at unrelated secrets.
- Persistence & Privilege (ok): The skill is not always-enabled and uses only per-output-directory state (.config.json, .yt-archiver.lock, .sync-state.json). It does not request platform-wide privileges beyond reading browser cookies (which is a user-granted OS/browser-level permission) and does not modify other skills or global agent settings.
