ClawHub

OpenClaw YouTube Upload

v1.0.0

Uploads a video to YouTube using the official YouTube Data API v3 and OAuth 2.0. Use this skill when the user asks to upload a video to YouTube. It supports...

0· 315·0 current·0 all-time
by@brorlandi·duplicate of @brorlandi/youtube-upload
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included Python script and SKILL.md. Required binaries (python3, pip3) and the client_secret.json OAuth file are appropriate and expected for interacting with the YouTube Data API.
Instruction Scope
SKILL.md and the script only reference the video file, the client_secret.json file, and a local token.pickle for OAuth credentials. The auth flow uses an installed-app local server and requires user interaction on first run — this is expected. There are no instructions to read unrelated files, access unrelated environment variables, or send data to third-party endpoints outside Google APIs.
Install Mechanism
No automated install spec is provided (instruction-only). The README instructs installing standard Google API packages via pip from PyPI — a normal, proportional dependency for this functionality. No remote arbitrary downloads or archive extraction are present.
Credentials
No environment variables or unrelated credentials are requested. The single external secret required is a Google OAuth client_secret.json, which is necessary for the described OAuth flow. The script writes token.pickle locally (contains OAuth tokens) — this is expected but should be protected by the user.
Persistence & Privilege
The skill does not request always:true, nor does it modify other skills or system-wide settings. It stores OAuth tokens in token.pickle in the working directory, which is normal for installed-app flows and limited in scope to the user's environment.
Assessment
This skill appears to do exactly what it says: upload videos to YouTube via the official API using OAuth. Before installing or running it, review and follow these precautions: (1) Protect your client_secret.json and the generated token.pickle — they contain credentials/refresh tokens and should not be stored in public/shared directories. (2) Be aware the OAuth scope grants upload rights to the linked YouTube account; use a dedicated account or confirm permissions if you have multiple accounts. (3) First run requires interactive authentication (a browser or following a URL); the script opens a local server to complete the flow. (4) The README asks you to pip-install Google libraries from PyPI — ensure your environment's pip is trustworthy. (5) If you want token storage elsewhere or more restrictive handling, inspect/modify scripts/upload.py (token_file variable) before use. Overall the skill is internally consistent and coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bade5mkb5fnwfz5qxkg2p1h8218cw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📺 Clawdis
Binspython3, pip3

Comments