Skill v0.10.7-dev
ClawScan security
YouTube Activity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 1:54 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions match its stated purpose (listing YouTube activities via the yutu CLI) and ask only for expected OAuth credentials and token files.
- Guidance
- This skill appears coherent: it wraps the yutu CLI to list YouTube activities and requires the expected Google OAuth client secret and token. Before installing, verify you trust the @eat-pray-ai/yutu package and its GitHub repo (review code or release artifacts), prefer installation from an official release channel for your platform, and limit OAuth scopes when creating credentials. If you are concerned about npm supply-chain risk, install the binary from an audited release or run in an isolated environment. Do not share your OAuth client secret or token with untrusted sources.
Review Dimensions
- Purpose & Capability
- ok: Name/description ask to manage/list YouTube activities; declared binary (yutu), OAuth client secret, and cached token are appropriate and necessary for YouTube API access.
- Instruction Scope
- ok: SKILL.md and references only instruct installing/using yutu, creating Google OAuth credentials, and running yutu auth to obtain a token. No instructions to read unrelated files, exfiltrate data, or call unexpected endpoints.
- Install Mechanism
- note: Install spec declares an npm package (@eat-pray-ai/yutu) which creates the yutu binary — appropriate for a CLI. Documentation also lists brew/winget/go/release downloads; the install section only includes the node/npm method, a minor inconsistency but not malicious. Installing an npm global package carries the normal supply-chain risk of third-party packages.
- Credentials
- ok: Required env vars (YUTU_CREDENTIAL, YUTU_CACHE_TOKEN) and config files (client_secret.json, youtube.token.json) map directly to OAuth client secrets and cached tokens needed to access the YouTube API — proportional to the skill's functionality.
- Persistence & Privilege
- ok: always is false and the skill does not request system-wide config changes or other skills' credentials. Autonomous invocation (model invocation enabled) is the platform default and not a red flag here.
