Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Yt Dlp Download Skill

v1.0.1

yt-dlp-powered downloader for YouTube, Bilibili, X (Twitter), TikTok/Douyin, and more. Given a video URL, download video (720p/1080p/best), extract MP3/audio...

by wangxiaolei@fatelei
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, required binaries, and permissions align with a downloader built around yt-dlp and ffmpeg. Requesting shell, filesystem, and network access is expected for downloading and saving media.
Instruction Scope
The SKILL.md instructs the agent to 'validate URL scheme' and 'construct safe commands', but the included scripts/download.sh does not validate or sanitize the URL and uses eval to execute the assembled command string. This mismatch creates a realistic command-injection vector if an attacker or malicious input supplies a crafted URL. The SKILL.md's guidance about avoiding arbitrary shell execution is not enforced by the script.
Install Mechanism
Installers declared (uv package for yt-dlp and Homebrew formula for ffmpeg on macOS) are reasonable and traceable. 'uv' appears to be a package installer (pipx/uv style) rather than an arbitrary URL download. No extracted arbitrary archive URLs or personal servers are used.
Credentials
No environment variables or unrelated credentials are requested. Declared requirements (yt-dlp and optionally ffmpeg) match the stated functionality.
Persistence & Privilege
The always flag is false and the skill has no config paths requiring broad system access. However, the skill is granted shell/filesystem/network permissions (necessary for its function) — combined with the command-execution practice in the script this increases the blast radius if untrusted inputs are processed or the agent is permitted autonomous execution.
What to consider before installing
This skill appears to do what it claims (use yt-dlp to download media), but it includes a helper script that builds a shell command and runs it via eval without validating URLs. That creates a command-injection risk: a maliciously crafted URL could cause arbitrary commands to run. Before installing or enabling this skill:
- Inspect or replace scripts/download.sh. Prefer invoking yt-dlp with an argument array (no eval) or use bash exec with properly quoted parameters. Validate the URL scheme (http/https) and reject or sanitize unexpected characters (quotes, semicolons, backticks).
- If you still want to use it, do not enable autonomous invocation for this skill (require user confirmation before any download), or run it in a strict sandbox/container.
- Be cautious about the '--cookies-from-browser' behavior: it can access browser cookies if yt-dlp can read them — only use when you understand and consent to that.
- If you lack the ability to audit/patch the script, prefer running yt-dlp manually or using an alternative skill with safer command invocation.
If you proceed, apply the minimal-privilege principle and only enable the skill for trusted users/contexts.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

Runtime: Clawdis
OS: macOS · Linux · Windows
Bins: yt-dlp
Any bin: ffmpeg

Install

Install yt-dlp (uv/pipx)
Bins: yt-dlp
uv tool install yt-dlp
Install ffmpeg (brew)
Bins: ffmpeg
brew install ffmpeg
