Video News Downloader
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent and purpose-aligned, but users should notice that it can set up scheduled jobs and network-accessible local video servers.
This skill appears safe for its stated purpose if you want automated news downloads. Before installing, confirm you are comfortable with daily cron jobs, public-interface HTTP servers on ports 8093 and 8095, and the required local tools such as yt-dlp. Stop the servers and remove cron jobs when you no longer need them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Other users on a reachable network could access the downloaded video files and any other files placed in those served directories.
The server is intentionally started in the background and bound to all network interfaces, so the served video directory may be reachable from other machines if the host network allows it.
cd "$dir" && nohup python3 -m http.server $port --bind 0.0.0.0 > /dev/null 2>&1 &
Only start the servers when needed, use firewall rules or bind to localhost if the videos should stay private, and avoid storing unrelated private files in the served directories.
The automation may continue to use network bandwidth, disk space, and compute time on a daily schedule after setup.
The skill can add recurring cron jobs that keep downloading and preparing subtitle proofreading tasks daily until removed.
VIDEO_CRON="0 12 * * * cd $SKILL_DIR && python3 scripts/video_download.py --cbs --bbc --proofread >> $WORKSPACE/logs/video-download.log 2>&1"
Review the schedule before installing it, monitor the log files, and use `bash scripts/setup_cron.sh remove` if you no longer want the recurring jobs.
The skill may fail unless required tools are already installed, and users must trust the local versions of those tools.
The downloader depends on the external yt-dlp command even though the registry requirements list no required binaries or install specification.
"yt-dlp", "--flat-playlist", "--playlist-end", "1",
Install dependencies from trusted sources, keep them updated deliberately, and consider documenting required binaries before deployment.