YouTube Upload Videos Skill
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its YouTube-upload purpose, but it persists YouTube upload credentials in a relative token file and loads them with unsafe pickle deserialization.
Install only if you are comfortable granting YouTube upload permission. Confirm each video file and privacy setting, keep token.pickle private, delete or revoke the token when done, and avoid running the script where an untrusted token.pickle might exist.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can publish or upload videos to the user's YouTube account when invoked.
Uploading to YouTube, especially with a public privacy option, is a high-impact account action. It is purpose-aligned, but the user should explicitly verify the selected file and privacy setting.
Use this skill when the user asks to upload a video to YouTube. It supports titles, descriptions, privacy settings (public, private, unlisted)
Confirm the exact video file, title, description, and privacy setting before running the upload, especially for public uploads.
Anyone or any agent process able to use the stored token may be able to upload to the authorized YouTube account.
The skill persists delegated YouTube upload authority after OAuth. This is expected for the integration, but it means later uploads may not prompt the user to re-authenticate.
Once approved, a `token.pickle` file is generated locally, and subsequent uploads will run silently.
Use a dedicated Google account if possible, keep the token file private, delete token.pickle or revoke OAuth access when finished, and review uploads before allowing the agent to run the script.
Running the skill from an untrusted directory or with a malicious token.pickle present could execute unexpected local code.
Python pickle can execute code while deserializing. Because the token file is a relative path in the working directory, a tampered or attacker-supplied token.pickle could be loaded when the upload script runs.
token_file = 'token.pickle' ... creds = pickle.load(token)
Avoid running this skill in untrusted folders, remove unexpected token.pickle files before use, and update the implementation to store credentials in a safer format or a fixed private path rather than loading pickle from the current directory.
Users may install different dependency versions over time, with security and compatibility depending on PyPI resolution at install time.
The documented dependency installation uses unpinned package names. This is expected for a Python API integration, but it leaves exact versions and provenance to the user's environment.
pip3 install google-api-python-client google-auth-oauthlib google-auth-httplib2
Install dependencies in a virtual environment from trusted package sources and prefer pinned versions or a reviewed requirements file.
