Youtube Music
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: youtube-music-ultra
Version: 3.0.0

The skill contains multiple critical shell injection vulnerabilities in its Node.js scripts (`scripts/control.js`, `scripts/direct-play.js`, `scripts/ultra-play.js`). These scripts use `child_process.execSync` to execute `openclaw browser` commands, but user-controlled input (e.g., song queries, video IDs) is embedded directly into the shell command strings without shell escaping. URL encoding is applied, but it does not stop shell metacharacters from being interpreted by the shell that `execSync` invokes, so arbitrary command execution on the host system is possible. There is no evidence of intentional malicious behavior; the skill is classified as suspicious because of the severity of these vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted music URL or prompt could cause the skill to run commands locally, not just open YouTube Music.
A direct YouTube URL supplied to the play command is inserted into a shell command inside quotes without escaping or validation. A crafted URL containing shell metacharacters could break out of the argument and execute local commands.
const cmd = `openclaw browser ${action} ${Object.entries(params).map(([k, v]) => `--${k}=\"${v}\"`).join(' ')}`;
return execSync(cmd, { encoding: 'utf8' });
...
browserAction('open', { targetUrl: query });

Replace execSync string commands with execFileSync/spawnSync argument arrays with shell disabled, and strictly validate allowed YouTube Music URLs before opening them.
A crafted song query or direct video ID could execute unexpected local shell commands through the ultra-fast helper.
User-derived cache contents are written through a shell echo command, and direct video IDs are inserted into a shell command without validation. Inputs containing quotes or shell syntax could become executable shell content.
fastExec(`echo '${JSON.stringify(cache)}' > ${CACHE_FILE}`);
...
fastExec(`openclaw browser open --targetUrl=\"${YOUTUBE_WATCH}${videoId}\"`);

Use Node filesystem APIs such as fs.writeFileSync for cache writes, validate video IDs with a strict allowlist such as /^[A-Za-z0-9_-]+$/, and avoid shell interpolation for browser CLI calls.
The skill may act as your YouTube Music browser session, including making library changes you request.
The skill is designed to act through a browser profile that may be logged into YouTube Music and can change media-library state such as playlists or liked songs.
Uses OpenClaw's browser tool with YouTube Music:
- Profile: `openclaw` (isolated browser)
...
**Add to Playlist**: "add this to [playlist]"
...
**Liked Songs**: "show liked songs" / "like this"
Use a dedicated OpenClaw browser profile for this skill and review commands that change playlists, likes, or queues.
Your music searches or listening patterns may be stored locally in /tmp and reused by the skill.
The skill stores search/play queries and timestamps in a temporary local cache that can persist for reuse across sessions.
const CACHE_FILE = '/tmp/yt_music_v3_cache.json';
...
cache[query.toLowerCase()] = { searchUrl, timestamp: Date.now() };
saveCache(cache);

Store cache data in a user-private skill data directory with restrictive permissions, provide a clear cache-disable or clear-cache option, and avoid trusting cache entries as authoritative.
