YouTube Uploader

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for YouTube uploading, but it deserves review because it keeps reusable YouTube OAuth credentials on disk and installs Python packages at runtime.

Install only if you trust this skill with continuing access to your YouTube channel. Review the Google OAuth consent screen, specify --channel-id when multiple channels are authenticated, keep ~/.openclaw/youtube/channels.json private, and revoke or delete stored credentials when you no longer need the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation invokes Python scripts that perform network access, local credential storage, and shell execution behavior, yet the skill declares no permissions. This creates a transparency and consent problem: users and reviewers are not clearly informed that the skill can write files and interact with external services, increasing the chance of unsafe execution in sensitive environments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill states that OAuth credentials are saved locally in ~/.openclaw/youtube/channels.json but does not prominently warn that these are sensitive long-lived tokens. If that file is exposed through weak filesystem permissions, backups, logs, or multi-user access, an attacker could use the tokens to access or operate the user's YouTube channel.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill copies the OAuth client secret to local storage and later persists access and refresh-token material in channels.json, but does not provide an explicit user-facing warning that these credentials will be retained on disk for future use. In a skill that manages publication to a YouTube account, persisted refresh tokens materially increase the blast radius of local compromise because they can enable continued API access to the user's channel.

VirusTotal

66/66 vendors flagged this skill as clean.
