Download Anything
v0.1.1Find and download virtually any digital resource from the internet — ebooks, academic papers, movies, TV shows, music, software, images, fonts, courses, and...
⭐ 1· 673·4 current·4 all-time
byEthanL@hacklyc
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (download-anything) aligns with the included scripts (yt-dlp, aria2, gallery-dl, spotdl workflows). The required environment/credentials section lists none, which is plausible for a downloader toolkit. However, the documentation and scripts explicitly rely on local browser cookies, local tool configs (e.g. ~/.config/yt-dlp/, gallery-dl oauth), and optionally running daemons — capabilities that imply access to local user secrets/configs even though no env vars/config paths are declared.
Instruction Scope
SKILL.md and the scripts instruct the agent to use --cookies-from-browser, read or instruct the user to export browser cookies, consult user config files, search and scrape numerous external sites (including shadow libraries and cloud-drive search engines), and contain examples for starting aria2 JSON-RPC. Those instructions explicitly expand scope beyond simple 'download from a provided URL' into reading local browser state and potentially automating interactions with third-party sites, which is broader than the metadata declares.
Install Mechanism
There is no binary blob download; install-toolkit.sh uses standard package managers (brew/apt/dnf/pip/npm) which is an expected, lower-risk approach. Caveats: pip/npm global installs are unvetted by the skill and run on the host; the installer runs system package installs (sudo apt-get / dnf) where available. No opaque remote archive extraction is performed by the skill itself.
Credentials
The registry declares no required secrets, but the instructions tell the agent to access browser cookies, local config files, and optional OAuth setup (gallery-dl, yt-dlp cookies-from-browser). The references also show how to enable aria2 RPC (rpc-listen-all, rpc-allow-origin-all) which, if used, could expose a local RPC port without authentication. These capabilities justify explicit disclosure of required access but the skill metadata does not declare them.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request permanent / forced inclusion or claim it will modify other skills or system-wide agent settings. It is an instruction/toolkit bundle that would run on demand.
What to consider before installing
What to consider before installing:
- Functionality: The scripts do what they claim — orchestrate yt-dlp, aria2, gallery-dl, spotdl, etc. — and the install script uses standard package managers.
- Local secrets/configs: The instructions repeatedly recommend using browser cookies (yt-dlp --cookies-from-browser), gallery-dl OAuth, and tool config files. These actions require access to your local browser profile and config files; only proceed if you understand and accept that.
- Insecure RPC: Documentation examples show running aria2 with RPC options (listen-all / allow-origin-all). Do NOT enable aria2 JSON-RPC bound to all interfaces or without authentication on an untrusted network — it exposes a remote-control surface for downloads.
- Legal & safety: The references include “shadow libraries”, cloud-drive search engines, and torrent/DDL workflows. This increases legal and malware risk depending on what you download. The skill’s purpose is broad (including infringing content); that’s a policy/legal risk you must evaluate.
- Audit before running: Read the included scripts (they are plain shell) and the installer to ensure you’re comfortable with each command. Prefer running in a sandbox/VM/container or an isolated account rather than your primary workstation.
- Use trusted hosts: Examples that call external services (Cobalt examples, self-hosted instances) require you to trust the service; avoid sending URLs or data to public/untrusted endpoints.
- If you proceed: install packages manually rather than running the installer blindly, avoid enabling aria2 RPC without auth, and avoid providing browser cookies to untrusted processes. If you want, I can highlight the exact lines that access cookies/configs and show a safer aria2 startup example (RPC restricted to localhost with token).Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Download Anything
Find it. Download it. Any resource, any format.
Toolkit
# Install all tools at once
bash scripts/install-toolkit.sh
| Tool | Install | Purpose |
|---|---|---|
yt-dlp | brew install yt-dlp | Video/audio from 1800+ sites |
aria2c | brew install aria2 | Multi-thread downloads, torrents |
gallery-dl | pip3 install gallery-dl | Batch image/media, 170+ sites |
spotdl | pip3 install spotdl | Spotify playlists → local files |
wget | brew install wget | Recursive downloads, site mirroring |
curl | pre-installed | HTTP requests, API calls |
ffmpeg | brew install ffmpeg | Media conversion |
jq | brew install jq | JSON parsing for automation |
Decision Tree
| Want to download... | Tool / Approach |
|---|---|
| YouTube / social media video | scripts/dl-video.sh URL (auto-detects Bilibili cookies) |
| Audio from any video URL | scripts/dl-audio.sh URL |
| Spotify playlist/album/track | spotdl URL |
| Images from gallery/artist page | scripts/dl-gallery.sh URL |
| A direct file URL (fast) | scripts/dl-file.sh URL (aria2, 16 connections) |
| A torrent or magnet link | scripts/dl-torrent.sh "magnet:..." |
| Subtitles for a video | scripts/dl-subtitle.sh QUERY |
| An ebook or paper | → references/ebooks.md |
| A movie or TV show | → references/video.md |
| Music / game soundtracks / OST | → references/music.md |
| Software or app | → references/software.md |
| Stock images/video/audio/fonts | → references/media-assets.md |
| Chinese cloud drive resources | → references/cloud-search.md |
| Online courses | → references/education.md |
| Something else / not sure | → references/search-techniques.md |
Scripts
All in scripts/. Each does one thing. Compose as needed.
| Script | What it does | Key args |
|---|---|---|
install-toolkit.sh | Install all CLI tools | — |
dl-video.sh URL [QUALITY] | Download video (auto cookies for Bilibili) | best/1080/720/480 |
dl-audio.sh URL [FORMAT] | Extract audio | mp3/opus/flac/best |
dl-file.sh URL [OUTPUT] | Fast multi-thread download | 16 connections via aria2 |
dl-gallery.sh URL [DIR] [ARGS...] | Batch download images | extra args passed to gallery-dl |
dl-torrent.sh MAGNET [DIR] | Download torrent/magnet | via aria2 |
dl-subtitle.sh QUERY [LANG] | Search & download subtitles | en/zh/ja etc. |
Quick One-Liners
# Best quality video
yt-dlp -f "bv*+ba/b" "URL"
# 1080p video + subtitles
yt-dlp -f "bv[height<=1080]+ba/b" --write-subs --sub-langs "en,zh" "URL"
# Extract audio as MP3
yt-dlp -x --audio-format mp3 "URL"
# Download YouTube playlist
yt-dlp --yes-playlist "URL"
# Fast file download (16 connections)
aria2c -x16 -s16 -k1M "URL"
# Download magnet
aria2c --seed-time=0 "magnet:?xt=..."
# Batch images from gallery
gallery-dl "URL"
# Spotify album → local MP3s
spotdl "SPOTIFY_URL"
# All PDFs from a page
wget -r -l1 -A "*.pdf" "URL"
# Video metadata as JSON (automation)
yt-dlp -j "URL"
# Get direct URL without downloading
yt-dlp -g "URL"
Agent Automation Patterns
Video pipeline: yt-dlp -j URL → parse JSON → select format → yt-dlp -f FORMAT URL -o OUTPUT
Ebook search: Search Anna's Archive / Z-Library / 鸠摩搜书 → get download page → extract link → aria2c
Bulk media: gallery-dl --dump-json URL → review items → gallery-dl -d OUTPUT URL
Music: spotdl SPOTIFY_URL (auto YouTube match + metadata) or yt-dlp -x --audio-format mp3 YOUTUBE_URL
Domain Instability
Many resource sites rotate domains. When a URL fails:
- Search:
[site name] mirror 2026or[站名] 最新地址 - Check Reddit/Twitter for community mirror lists
- Anna's Archive = most resilient ebook meta-search
- For Chinese cloud search: check 网盘之家导航 for latest links
References
| File | Content |
|---|---|
| ebooks.md | Ebook sites, academic papers, audiobooks, manga, Chinese books |
| video.md | Torrent sites, DDL, subtitles, anime, Chinese video |
| music.md | Free music, download tools, Chinese music, podcasts |
| software.md | Software archives, package managers, Chinese sites |
| media-assets.md | Stock images, video, audio, fonts |
| cloud-search.md | Chinese cloud drive search (百度/阿里/夸克) |
| education.md | Free courses and MOOCs |
| tools-reference.md | Detailed CLI syntax and advanced flags |
| search-techniques.md | Google dorks, search strategies |
Files
17 totalSelect a file
Select a file to preview.
Comments
Loading comments…