Video Sourcing Agent
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with video sourcing, but it runs a downloaded Python agent on the host with Google/YouTube keys and builds shell commands from the user's query in a way that needs safer scoping.
Review this before installing if you are not comfortable running downloaded code on your machine. Use tightly restricted Google/YouTube API keys, verify the GitHub tag or commit yourself, and prefer an updated version that passes the query as safe arguments rather than embedding it in a shell command string.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted video query could potentially run unintended commands on the user's machine, especially because the workflow expects host runtime execution with sandboxing off.
The user-controlled query is interpolated into an exec command string. If the exec mechanism invokes a shell, quotes alone do not prevent command substitution or quote-breaking input from becoming host command execution.
<skill_dir>/scripts/run_video_query.sh --query "<query>" --event-detail <compact|verbose> --ux-mode three_message --progress-gate-seconds 10
Invoke the script with a structured argv array or another shell-safe mechanism, and explicitly avoid shell interpretation of the query. If a command string must be used, apply robust shell escaping and document the limits.
The code that actually performs video sourcing is fetched and executed later, so users are trusting external repository contents and dependencies that were not fully reviewed in this package.
The primary runtime is cloned and installed from GitHub on first use rather than being included in the reviewed artifacts. The tag is pinned, but there is no immutable commit hash or checksum verification shown.
git clone --depth 1 --branch "${PINNED_TAG}" "${PINNED_REPO_URL}" "${MANAGED_RELEASE_DIR}" ... uv sync --frozen --no-devVendor the reviewed runtime, pin by immutable commit hash, verify checksums/signatures, or include the referenced runtime source and lockfiles in the reviewed artifact set.
The skill can execute local Python code with access to the user's environment variables and local runtime context.
The skill openly states that it runs on the host outside the sandbox, which is expected for this bootstrap runner but increases the impact of any runtime or command-handling issue.
This workflow expects host runtime execution (sandbox mode off).
Run only if you trust the referenced repository and need the host-based runtime. Prefer sandboxed execution where possible.
Misconfigured or overly broad API keys could be used beyond the user's intended quota or project scope if the runtime is compromised or behaves unexpectedly.
The skill requires Google and YouTube API keys. This is consistent with video sourcing, but those credentials will be available to the executed runtime.
"requires": { "bins": ["git", "uv"], "env": ["GOOGLE_API_KEY", "YOUTUBE_API_KEY"] }Use restricted API keys with only the needed APIs enabled, apply quota limits, and avoid using keys tied to unrelated Google services.