Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Youtube Data CLI
v1.0.0
Full YouTube Data API v3 CLI covering all 20 resources: search, channels, videos (upload/update/delete/rate), playlists, playlist items, comments, subscripti...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
High confidence
Purpose & Capability
The skill claims to implement the full YouTube Data API (including write/delete/upload operations), which legitimately requires API keys and OAuth client credentials/refresh tokens. However, the registry metadata lists no required env vars, no primary credential, and no required config paths. That omission is inconsistent with the described capabilities (uploads/deletes require OAuth refresh tokens and client secrets).
Instruction Scope
SKILL.md explicitly instructs the agent/user to resolve credentials from env vars (YOUTUBE_API_KEY, YOUTUBE_CLIENT_ID, YOUTUBE_CLIENT_SECRET, YOUTUBE_REFRESH_TOKEN) and from ~/.config/youtube-data-cli/credentials.json. Those paths and env vars are not declared in the skill metadata. The instructions otherwise focus on running the CLI and do not ask to read unrelated system files, but the implicit access to a home credentials file is material and should have been declared.
Install Mechanism
There is no install spec in the skill bundle, but SKILL.md recommends installing via `npm install -g youtube-data-cli`. Installing from the public npm registry is a common pattern, but the skill metadata not declaring an install method or a verified homepage/source means users cannot easily verify the package's provenance from the skill record — you should inspect the npm package/source before installing.
Credentials
SKILL.md expects sensitive credentials (OAuth client ID/secret and refresh token) and a credentials file in the user's home directory, yet the skill declares no required env vars or config paths. Requesting a refresh token with the recommended full YouTube scope grants broad privileges (upload/delete/manage) and is disproportionate to a metadata-free skill record; users must be warned and limit scopes or use read-only API keys where possible.
Persistence & Privilege
The skill does not request always:true, does not ask to modify other skills or system-wide settings, and does not declare autonomous-disable. Autonomous invocation is allowed (platform default) but is not combined here with 'always' or declared persistent privileges.
What to consider before installing
This skill's instructions legitimately require OAuth credentials and a credentials file, but the skill metadata does not declare those requirements or a source/homepage. Before installing or using it: (1) ask the publisher for the package source (npm package name, GitHub repo) and verify the code; (2) avoid placing long-lived refresh tokens in broadly writable locations — prefer short-lived or limited-scope credentials; (3) if you only need read-only operations, use an API key or restrict OAuth scopes (do not grant full https://www.googleapis.com/auth/youtube unless necessary); (4) inspect ~/.config/youtube-data-cli/credentials.json and any npm package contents for unexpected behavior; (5) rotate credentials after testing and consider running the CLI in an isolated environment. The mismatch between declared metadata and the runtime instructions is the main red flag — treat this skill as untrusted until you can verify its source and the npm package contents.
