Media Downloader

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: dl
Version: 0.2.3

The skill is designed to download media from URLs using `yt-dlp`. While it involves network access, file system writes, and the agent sending downloaded files via Telegram, these actions are aligned with its stated purpose. Crucially, the `dl.py` script employs robust slugification (`python-slugify`) for all filenames and folder names derived from user input or media titles. This prevents path traversal and arbitrary file naming, effectively mitigating the risk of prompt injection leading to the exfiltration of sensitive system files (e.g., `~/.ssh/id_rsa`) via the agent's `message` tool, as the output path is strictly controlled and sanitized.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can download files to your computer and use disk space in your media folders.

Why it was flagged

The skill directs the agent to run a local downloader on a user-provided URL and create files in local media folders. This matches the downloader purpose, but it is still local file and network activity.

Skill content

Run the script: `uv run --script ${baseDir}/dl.py "<url>"` ... Save into `~/Movies/` or `~/Videos/` ... `~/Music/`.

Recommendation

Use it only for URLs you intend to download, and specify an output directory if you do not want files placed in default media folders.

What this means

If a cookie file is configured, downloads may use your logged-in website session for the requested media service.

Why it was flagged

The implementation supports passing a cookie file to yt-dlp. Cookie files can represent logged-in sessions for media sites, which is sensitive but expected for some restricted downloads.

Skill content

candidates = [HERE / ".cookies.txt", os.getenv("DL_COOKIES_FILE"), os.getenv("COOKIES_FILE"), "~/.cookies.txt"] ... options["cookiefile"] = str(cookie_file)

Recommendation

Only provide narrowly scoped cookie files you are comfortable using with yt-dlp, and remove or unset them when not needed.

What this means

Running the skill may install or update third-party Python packages used by the downloader.

Why it was flagged

The uv script declares external Python dependencies, with yt-dlp unpinned and other packages using minimum versions. This is normal for this purpose but means runtime behavior can depend on package-index updates.

Skill content

# dependencies = [ "loguru>=0.7.3", "python-slugify>=8.0.4", "yt-dlp", ]

Recommendation

Run it in a trusted environment and consider pinning or locking dependency versions if you need reproducible behavior.

What this means

Downloaded audio may be sent through Telegram instead of staying only on the local machine.

Why it was flagged

The skill may transmit a downloaded audio file through the Telegram messaging tool when the session is on Telegram. This is disclosed and limited to the downloaded audio file, but it crosses a platform boundary.

Skill content

If the user is on Telegram ... Use the `message` tool to send the file to the user

Recommendation

Use the Telegram upload behavior only when you intend the downloaded file to be sent through that chat.