YouTube Music

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a straightforward YouTube Music helper, but it relies on a locally stored authenticated browser session and can change your library or playlists.

Install only if you are comfortable giving the agent access to your YouTube Music account. Protect the generated `browser.json`, delete the temporary `headers.txt` after setup, and require confirmation before the agent changes playlists or library items.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent process that can read the generated auth file may be able to act on the connected YouTube Music account.

Why it was flagged

The setup creates a persistent YouTube Music authentication file from a logged-in browser request. This is expected for ytmusicapi, but it grants access to the user's YouTube Music account and should be handled as a credential.

Skill content

Authentication file (`oauth.json` or `browser.json`) in the skill folder ... Copy as cURL (bash) ... setup_browser('browser.json', f.read())

Recommendation

Use a dedicated or least-sensitive account if possible, store `browser.json` securely, delete `headers.txt` after setup, and revoke/regenerate the credential if it is exposed.

What this means

Mistaken use could like/unlike songs, create playlists, or add/remove tracks from playlists.

Why it was flagged

The documented API calls can modify the user's YouTube Music library and playlists. This is aligned with the skill's purpose, but these are real account mutations.

Skill content

Add/Remove: `yt.rate_song(videoId, 'LIKE')`, `yt.edit_song_library_status(feedbackToken)` ... `yt.create_playlist(title, description)` ... `yt.remove_playlist_items(playlistId, [videoIds])`

Recommendation

Ask the agent to preview intended changes and confirm before performing playlist or library mutations, especially removals.

What this means

A changed or compromised dependency version could affect what code runs locally during use.

Why it was flagged

The skill depends on installing an unpinned Python package from the package ecosystem. This is central to the stated purpose, but the artifact does not pin a version or provide a lockfile.

Skill content

`ytmusicapi` package: `pip install ytmusicapi`

Recommendation

Install from the official package source, consider using a virtual environment, and pin a known-good ytmusicapi version if reproducibility matters.