YouTube Music ULTRA

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ConcernHigh Confidence

ASI05: Unexpected Code Execution

What this means

A crafted video ID or similar input could potentially run commands on the user's machine instead of only opening YouTube Music.

Why it was flagged

The script takes a user-supplied video ID and embeds it directly into a shell command executed with execSync, without validating that it is only a YouTube video ID or using a safe argument-array API.

Skill content

const videoId = args[1]; ... fastExec(`openclaw browser open --targetUrl="${YOUTUBE_WATCH}${videoId}"`);

Recommendation

Use execFile/spawn with argument arrays, validate video IDs and URLs strictly, and avoid constructing shell command strings from user input.

NoteHigh Confidence

ASI03: Identity and Privilege Abuse

What this means

Actions may affect the YouTube Music account active in the OpenClaw browser profile.

Why it was flagged

The skill controls YouTube Music through a browser profile, which may include a logged-in YouTube/Google session and can affect playlists, likes, queue, or playback.

Skill content

Uses OpenClaw's browser tool with YouTube Music:
- Profile: `openclaw` (isolated browser)
- Base URL: `https://music.youtube.com`

Recommendation

Use an isolated browser profile for this skill and review account-changing actions such as liking songs or modifying playlists.

NoteHigh Confidence

ASI06: Memory and Context Poisoning

What this means

Music searches can remain on disk and cached entries could influence later playback behavior.

Why it was flagged

The skill stores search queries and URLs in a predictable /tmp cache file and may reuse cached data across runs.

Skill content

const CACHE_FILE = '/tmp/yt_music_v3_cache.json'; ... cache[query.toLowerCase()] = { searchUrl, timestamp: Date.now() }; saveCache(cache);

Recommendation

Store cache data in a user-private skill directory with restrictive permissions, validate cache contents before use, and document/offer cache clearing.

Findings (3)

critical

suspicious.dangerous_exec

Location: scripts/control.js:20
Finding: Shell command execution detected (child_process).

critical

suspicious.dangerous_exec

Location: scripts/direct-play.js:34
Finding: Shell command execution detected (child_process).

critical

suspicious.dangerous_exec

Location: scripts/ultra-play.js:23
Finding: Shell command execution detected (child_process).