ClawHub

Social Video Downloader

v1.2.0

Download videos from Instagram Reels, TikTok, YouTube Shorts, Twitter/X clips, and other social media platforms. Use when the user clearly wants to download/...

0· 70·0 current·0 all-time
by@elony-7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match what is implemented: a wrapper around yt-dlp to download social media videos. The script and README only require yt-dlp/ffmpeg and no unrelated services or credentials.
Instruction Scope
SKILL.md directs the agent to verify download intent, run the included Python script, send the resulting file, and delete the temp file. The instructions reference only the script, a temp directory, and the message tool — all within the skill's stated scope.
Install Mechanism
No install spec in the registry; SETUP.md suggests installing yt-dlp and ffmpeg via system package managers or pip/brew, which is standard for this functionality. No arbitrary external downloads or archive extraction are used by the skill bundle itself.
Credentials
The skill requests no environment variables or credentials. The script performs hostname resolution and runs yt-dlp locally; there are no secret accesses or unrelated credential requests.
Persistence & Privilege
always is false and the skill makes no changes to other skills or global agent configuration. It does not request permanent presence or elevated privileges.
Assessment
This skill appears to do what it says, but consider these practical points before installing: 1) yt-dlp and (optionally) ffmpeg must be installed on the host; follow SETUP.md. 2) Ensure you have the right to download/share the content (copyright/legal risks). 3) The script resolves hostnames and prevents private-IP SSRF, but if you run this in a high-risk environment consider sandboxing it (network/DNS isolation) to limit DNS-rebinding or unexpected resolution behavior. 4) The agent will write temporary files (default /tmp) and attempt to remove them — confirm your runtime cleans up large files and enforces size limits. 5) If you need additional guarantees (e.g., explicit logging, stricter allowlist, or different temp directories), review and modify scripts/download.py before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk972a9ayd9qe87qdasfxh3fa7d83t8y8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments