Yt Dlp Downloader Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate video downloader, but it should be reviewed because it normalizes browser-cookie access and broad shell permissions without clear user consent.

Install only if you are comfortable with a downloader that may read browser cookies. Try cookie-free downloads first, require explicit approval before any `--cookies-from-browser` use, prefer a separate limited browser profile, confirm the exact output directory, and avoid granting blanket shell permissions when a narrower command workflow is available.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill repeatedly instructs use of `--cookies-from-browser` to access local browser session cookies in order to download YouTube content. That exceeds a basic downloader capability because it reads authenticated browser data from the host, potentially exposing account-scoped access and sensitive session material if misused or if output/logging is mishandled.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The workflow directs execution with `required_permissions: ["all", "network"]`, granting blanket shell authority far beyond what a video download task needs. If the skill is triggered on untrusted input or modified commands, this broad permission scope could enable arbitrary local actions, file access, or destructive commands in addition to network downloads.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises automatic handling of YouTube 403 errors with browser cookies but does not warn that `--cookies-from-browser` accesses authenticated browser session data. In a skill context, normalizing this behavior without disclosure can lead users or agents to expose sensitive account cookies and download content under an authenticated session without informed consent.

Missing User Warnings

Medium
Confidence: 96%
Finding
The example command directly instructs use of `--cookies-from-browser chrome` without disclosing that it reads potentially sensitive authenticated cookies from the user's browser profile. Because examples are likely to be copied verbatim, this increases the chance of silent access to private session material in an automation context.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README advertises automatic handling of YouTube 403 errors by using browser cookies, but it does not warn that `--cookies-from-browser` accesses locally stored authenticated browser session data. In an agent skill context, this omission is security-relevant because users may not realize the command reads sensitive session material that could expose account state or private access if reused or logged.

Missing User Warnings

Medium
Confidence: 97%
Finding
The usage example directly includes `--cookies-from-browser chrome` as the suggested command without disclosing that it pulls authenticated cookies from the user's Chrome profile. Because examples are likely to be copied verbatim, this normalizes access to sensitive browser data and increases the chance users or agents invoke it without informed consent or proper handling of the extracted session material.

Missing User Warnings

Medium
Confidence: 94%
Finding
The instructions tell the agent to use browser cookies for YouTube without clearly warning that this reads authenticated browser session data from the local machine. Users may believe they are only downloading a public video, while the skill silently expands scope to sensitive local credential material.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow instructs broad shell and network execution plus downloading to disk, but does not require a user-facing warning about network access, file writes, destination paths, or potential use of browser cookies during retries. This reduces transparency and increases the chance that sensitive local actions occur without informed user consent.

VirusTotal

64/64 vendors flagged this skill as clean.
