Youtube Playlist Handler

Advisory. Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Approving OAuth gives the skill a reusable token with broad YouTube account permissions, not just a one-time playlist action.

Why it was flagged

The skill requests broad delegated YouTube account access and persists the resulting OAuth token for reuse. This is high-impact account authority for a playlist-focused tool.

Skill content

    SCOPES = ['https://www.googleapis.com/auth/youtube']
    ...
    TOKEN_FILE = SKILL_DIR / "token.pickle"

Recommendation

Only approve the OAuth consent if you trust the skill. The skill should declare the credential requirement clearly, use the narrowest available scope, and document how to delete token.pickle or revoke Google access.

What this means

The agent could access and print sensitive YouTube preference/profile information if these commands are invoked.

Why it was flagged

The code can read the user's liked videos and subscriptions. These commands are not listed in SKILL.md and are broader than creating or managing playlists.

Skill content

    request = service.videos().list(
        part="snippet,contentDetails",
        myRating="like",
        maxResults=50
    )
    ...
    request = service.subscriptions().list(
        part="snippet",
        mine=True,
        maxResults=max_results
    )

Recommendation

Remove these commands or document them prominently, and require an explicit user request before reading liked videos or subscriptions.

What this means

Running the commands can create playlists and add videos to the user's YouTube account, including unlisted playlists for bulk-create.

Why it was flagged

The documented commands perform real YouTube account mutations. This is purpose-aligned, but users should notice the privacy and account-change impact.

Skill content

    python3 {baseDir}/scripts/yt_playlist.py create "Playlist Name"
    ...
    python3 {baseDir}/scripts/yt_playlist.py bulk-create "Playlist Name" <video1> <video2> ...
    ...
    Default privacy is "unlisted" for bulk-create, "private" for single create

Recommendation

Confirm the playlist title, video IDs, and privacy setting before invoking create or bulk-create actions.

What this means

If an attacker or another process can replace token.pickle, running the skill could execute malicious local code.

Why it was flagged

The token cache is loaded with Python pickle. Pickle is unsafe if the file is tampered with, because loading a malicious pickle can execute code.

Skill content

    with open(TOKEN_FILE, 'rb') as token:
        creds = pickle.load(token)

Recommendation

Protect the token file, delete unexpected token.pickle files, and prefer a safer token storage format or strict file-permission checks.

What this means

A user running the top-level copy directly could accidentally read or write OAuth files outside the expected skill folder.

Why it was flagged

In the top-level duplicate script, Path(__file__).parent.parent resolves to the directory one level above the skill directory when the script is run directly, so credential and token storage is less clearly bounded.

Skill content

    SKILL_DIR = Path(__file__).parent.parent
    CREDENTIALS_FILE = SKILL_DIR / "credentials.json"
    TOKEN_FILE = SKILL_DIR / "token.pickle"

Recommendation

Use the documented scripts/yt_playlist.py path, or remove/fix the duplicate top-level script so credential paths are unambiguous.