v1.2.0

Social Video Downloader

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:38 AM.

Analysis

This is a coherent social-video downloader with expected local command and package-install risks, but no evidence of hidden credential use, exfiltration, persistence, or destructive behavior.

Guidance: Before installing, make sure you are comfortable installing yt-dlp/ffmpeg locally and running them on requested social-media URLs. Use the skill only when you clearly want a download, ensure you have rights to save or share the video, and verify the sent file path is the temporary downloaded media file.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SETUP.md
pip install --break-system-packages yt-dlp

# macOS
brew install yt-dlp ffmpeg

The setup asks users to install external command-line dependencies without version pinning; this is normal for a yt-dlp-based downloader, but it relies on trusted package sources and modifies the local environment.

User impact: Installing yt-dlp or ffmpeg from an untrusted or compromised source could affect the user's local machine.
Recommendation: Install dependencies from trusted package managers, consider pinning versions, and prefer an isolated environment such as pipx or a virtual environment where practical.
Unexpected Code Execution
Severity: Low. Confidence: High. Status: Note.
scripts/download.py
cmd = [
    "yt-dlp",
    "-o", output_file,
    "--no-playlist",
    ...
    "--", url
]

result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)

The skill invokes the local yt-dlp binary through subprocess to download media. This is central to the stated purpose and the command is constructed without shell interpolation.

User impact: Using the skill runs local binaries, makes network requests to social-media sites, and writes a media file to disk.
Recommendation: Keep yt-dlp and ffmpeg updated, run the skill only for URLs the user clearly asked to download, and keep outputs scoped to a temporary directory.
Agent Goal Hijack
Severity: Low. Confidence: Medium. Status: Note.
scripts/download.py
meta_cmd = ["yt-dlp", "--no-playlist", "--print", "title", "--no-warnings", "--", url]
...
print(f"Title: {meta_result.stdout.strip()}")

The script prints a video title fetched from the external platform into the agent-visible output. That content should be treated as untrusted text and not as instructions or as a status marker.

User impact: A confusing or crafted remote title could distract the agent from the intended SUCCESS/ERROR parsing if the agent does not handle output strictly.
Recommendation: Parse only exact status lines produced by the script, preferably the final line beginning with SUCCESS:, and avoid treating titles or error text as instructions.