ClawHub

YouTube Upload Videos Skill

v1.0.0

Uploads a video to YouTube using the official YouTube Data API v3 and OAuth 2.0. Use this skill when the user asks to upload a video to YouTube. It supports...

0· 400·1 current·1 all-time
by@brorlandi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description request uploading to YouTube; required binaries (python3, pip3), instructions to install the google API Python packages, and the included upload.py script all match that purpose. The script uses the YouTube Data API v3 and OAuth 2.0 as claimed.
Instruction Scope
SKILL.md and README focus solely on uploading videos and the OAuth flow. The runtime instructions require a client_secret.json and run the provided script; they do not instruct reading unrelated files, accessing unrelated environment variables, or sending data to third-party endpoints beyond Google's APIs.
Install Mechanism
This is an instruction-only skill (no automated install spec), but it directs the user to pip3 install standard google-auth packages. That is reasonable for the task; no remote downloads or unusual install actions are present.
Credentials
No environment variables or unrelated credentials are requested. The only required secret is the user-provided client_secret.json (OAuth client) and the script saves a local token.pickle for refresh/credentials — both are proportional to obtaining OAuth tokens for YouTube uploads.
Persistence & Privilege
The script persists OAuth credentials to token.pickle in the working directory (expected behavior). Users should be aware this file contains credentials and will persist on disk; the skill does not request broader system persistence or modify other skills.
Assessment
This skill appears to do exactly what it says: upload videos via the official YouTube API. Before using it: - Provide your own Google OAuth client_secret.json and keep it private. Do not paste it into public places. - The script will create token.pickle in the current folder which stores OAuth credentials—treat that file as sensitive, restrict its filesystem permissions, and remove it if you suspect compromise. - The script opens a local auth flow (browser/URL) on first run; run this only on a machine you control. - Install dependencies via pip in a virtualenv if you want isolation and to avoid supply-chain surprises. - Review the code yourself if you need stronger assurance (it uses google-api-python-client and only contacts Google APIs). Revoke the OAuth client or token from your Google account if you suspect misuse.

Like a lobster shell, security has layers — review code before you run it.

latestvk97971h2zn1hnarfd8w4rmerjn820mtc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📺 Clawdis
Binspython3, pip3

Comments