v1.0.0

Video Download FaaS

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:51 AM.

Analysis

The downloader mostly matches its stated purpose, but it overstates container isolation and its process-kill helper is not tightly scoped to only its own downloads.

Guidance: Review this carefully before installing. Do not assume Firecracker or container isolation is present unless you provide and inspect that wrapper yourself. Install yt-dlp from a trusted source, avoid running the scripts as a privileged user, keep track of returned session IDs, and be cautious with force-killing downloads or leaving /tmp logs behind.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
Download videos in MP4 format using yt-dlp with FaaS (Firecracker/Container) isolation... ./run-in-container.sh scripts/download.sh "URL"

The documentation presents isolation as part of the skill and references a container wrapper, but the provided manifest does not include run-in-container.sh and the included download script runs yt-dlp directly with nohup.

User impact: A user may believe downloads are isolated in a container or Firecracker VM when the included implementation actually runs on the local host.
Recommendation: Do not rely on the isolation claim unless an actual reviewed container/Firecracker wrapper is provided; update the description to match the included implementation.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
scripts/kill-download.sh
SESSION_ID="$1" ... PID_FILE="/tmp/${SESSION_ID}.pid" ... PID=$(cat "$PID_FILE") ... kill -9 "$PID"

The script builds the PID-file path from caller-controlled input and kills the PID read from that file, without validating that the PID belongs to a yt-dlp process or to a session created by this skill.

User impact: A mistaken or crafted session ID could cause the helper to terminate an unintended local process.
Recommendation: Validate session IDs, store session files in a private directory, and verify the target process command/owner before sending SIGTERM or SIGKILL.

Rogue Agents
Severity: Low, Confidence: High, Status: Note
scripts/download.sh
nohup yt-dlp ... "$URL" > "$LOG_FILE" 2>&1 &

Downloads are intentionally started as background processes that continue after the command returns; this is disclosed and purpose-aligned, but it is persistent activity the user should track.

User impact: Downloads may continue using network, CPU, disk, and storage after the interactive session has moved on.
Recommendation: Keep the returned session ID, monitor long-running downloads, and use the kill helper carefully when a job should stop.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
Requirements

- yt-dlp installed and in PATH
- Bash 4.0+
- Write access to /tmp and output directory

The skill depends on local tools, especially yt-dlp, but the registry metadata declares no required binaries and provides no install spec, so dependency provenance and availability are left to the user environment.

User impact: The skill may fail if yt-dlp is missing, or may run whatever yt-dlp binary appears first in PATH.
Recommendation: Install yt-dlp from a trusted source, consider pinning or declaring the dependency, and verify which binary will be executed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
scripts/download.sh
SESSION_FILE="/tmp/${SESSION_NAME}.session" ... "url": "$URL", "output_dir": "$OUTPUT_DIR", "log_file": "$LOG_FILE"

The skill writes session metadata, URLs, output paths, and logs into /tmp for later status checks; this is useful for the workflow but creates local retained state.

User impact: Downloaded video URLs and local output locations may remain in temporary files until cleanup occurs.
Recommendation: Use non-sensitive output locations, clean stale /tmp/video_dl_* files when finished, and avoid sharing logs if URLs are private.