youtube-search-api-skill
PassAudited by ClawScan on May 1, 2026.
Overview
The skill matches its stated purpose: it runs a Python helper that sends YouTube search parameters to BrowserAct using your BrowserAct API key, with no hidden exfiltration, persistence, or destructive behavior evident.
This looks safe for its stated purpose if you trust BrowserAct and are comfortable sending your YouTube search queries to it. Configure the API key securely, prefer environment variables over chat messages, and use sensible result limits to avoid unnecessary runtime or quota use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run a local command that triggers a BrowserAct workflow, which may take time and could consume BrowserAct quota.
The skill instructs the agent to execute a local Python helper and allows one retry. This is central to the stated purpose and bounded, but users should know it will run local code and start an external API task.
python -u ./scripts/youtube_search_api.py "KeyWords" "Video_type" Date_limit ... Automatic retry is limited to only once.
Use reasonable search limits, confirm the intended query parameters, and interrupt or stop the run if it appears stalled.
Whoever runs the skill can use the configured BrowserAct account for this workflow.
The script uses a BrowserAct API key from the environment to authorize API requests. This is expected for the integration, and the artifact does not show the key being logged or sent elsewhere.
api_key = os.getenv("BROWSERACT_API_KEY") ... headers = {"Authorization": f"Bearer {api_key}"}Set the key as an environment variable rather than pasting it into chat when possible, use a scoped/revocable key if available, and rotate it if exposed.
Search terms and workflow parameters are visible to BrowserAct as part of normal operation.
The script sends the user's search keywords, result type, and limit to BrowserAct's external API. This is disclosed and purpose-aligned, but it is still a third-party data flow.
API_BASE_URL = "https://api.browseract.com/v2/workflow" ... {"name": "KeyWords", "value": keywords}Avoid using highly sensitive or confidential search terms unless you are comfortable sharing them with BrowserAct.