ClawHub

YouTube I18n Region

v0.10.7-dev

Manage YouTube i18n regions. Use this skill to list available internationalization regions. Useful when working with YouTube i18n region — provides commands...

0· 185·0 current·0 all-time
by@openwaygate
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (yutu), required env vars (YUTU_CREDENTIAL, YUTU_CACHE_TOKEN) and config paths (client_secret.json, youtube.token.json) all align with a CLI that calls the YouTube APIs.
Instruction Scope
SKILL.md only instructs installing/using the yutu CLI and running 'yutu i18nRegion list' and links to setup that explicitly describes OAuth client secrets and a local token file; it does not ask the agent to read unrelated files, contact unexpected endpoints, or exfiltrate data.
Install Mechanism
Install is an npm package (@eat-pray-ai/yutu) which is a reasonable method for a CLI distributed via Node; setup docs also list platform-appropriate alternatives. No downloads from obscure URLs or extract-from-arbitrary-host behavior is present in the metadata.
Credentials
The skill requests OAuth client credentials and a cached token, which are necessary for YouTube API access; the number and type of env vars and config paths are proportionate to the stated functionality. Users should still treat those values as sensitive.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It doesn't request elevated system-wide configuration or attempt to modify other skills/settings.
Assessment
This skill appears coherent for running the yutu CLI to list YouTube i18n regions. Before installing: (1) confirm the npm package and GitHub repo (@eat-pray-ai/yutu) are from a trusted source; (2) keep your OAuth client_secret.json and youtube.token.json private (they grant API access); (3) prefer installing via your platform package manager if available (brew/winget) or inspect the npm package contents before global install; (4) revoke the OAuth token if you later suspect misuse. Autonomous invocation is normal for skills and not a red flag here, but only grant the minimum credentials/scopes needed for the task.

Like a lobster shell, security has layers — review code before you run it.

0.10.6-3vk973dx4hty2ge122me4b63835182sqgx0.10.7-devvk9754ftkjt8jx3jh74s939dkhs82wr1flatestvk9754ftkjt8jx3jh74s939dkhs82wr1f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬🐰 Clawdis
Binsyutu
EnvYUTU_CREDENTIAL, YUTU_CACHE_TOKEN
Configclient_secret.json, youtube.token.json
Primary envYUTU_CREDENTIAL

Install

Node
Bins: yutu
npm i -g @eat-pray-ai/yutu

Comments