ClawHub

YouTube Playlist

v0.10.7-dev

Manage YouTube playlists. Use this skill to list, create, update, or delete playlists. Useful when working with YouTube playlist — provides commands to delet...

0· 193·0 current·0 all-time
by@openwaygate
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (yutu), install spec (@eat-pray-ai/yutu), required env vars (YUTU_CREDENTIAL, YUTU_CACHE_TOKEN) and config paths (client_secret.json, youtube.token.json) all match a CLI that uses Google OAuth to manage YouTube playlists.
Instruction Scope
SKILL.md and reference docs only instruct using the yutu CLI and its auth flow (yutu auth). They reference the declared config files and do not request unrelated files, system paths, or external endpoints beyond the expected GitHub repo and Google's OAuth redirect for authorization.
Install Mechanism
Install uses an npm package (@eat-pray-ai/yutu) which produces the expected 'yutu' binary. Alternative install methods are documented in setup.md (brew/winget/go/releases). No arbitrary download URLs or extract-from-unknown-host behavior in the skill manifest.
Credentials
Required env vars and config paths are OAuth client credential and token artifacts appropriate for YouTube API access. No unrelated secrets or multiple unrelated credentials are requested. PrimaryEnv is set to YUTU_CREDENTIAL, which is consistent.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. The skill does not request system-wide configuration changes or access to other skills' credentials.
Assessment
This skill is instruction-only and appears coherent: it requires installing the yutu CLI and configuring Google OAuth (client_secret.json and youtube.token.json). Before installing, verify the npm package and GitHub repository (https://github.com/eat-pray-ai/yutu) to ensure you trust the publisher; review the package source if you can. Keep your client_secret.json and youtube.token.json private and store them securely. During setup yutu will open a browser for OAuth consent — confirm the scopes requested are appropriate for your account. Avoid pasting raw credentials into untrusted terminals or environments. If you want extra assurance, run the yutu binary from a checked-out release tarball or inspect the package contents before global installation.

Like a lobster shell, security has layers — review code before you run it.

0.10.6-3vk9795tsfz91s36gjs0fya88dhs82r4qp0.10.7-devvk970zy83wz8a8qmhv80518cx9982wvfmlatestvk970zy83wz8a8qmhv80518cx9982wvfm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬🐰 Clawdis
Binsyutu
EnvYUTU_CREDENTIAL, YUTU_CACHE_TOKEN
Configclient_secret.json, youtube.token.json
Primary envYUTU_CREDENTIAL

Install

Node
Bins: yutu
npm i -g @eat-pray-ai/yutu

Comments