YouTube Search

v0.10.7-dev

Manage YouTube search. Use this skill to search for videos, channels, playlists, and other resources. Useful when working with YouTube search — provides comm...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, required binaries (yutu), required env vars (YUTU_CREDENTIAL, YUTU_CACHE_TOKEN), and required config files (client_secret.json, youtube.token.json) all match a CLI that uses Google OAuth to call the YouTube API.
Instruction Scope
SKILL.md and references instruct the agent to run yutu commands and to perform OAuth authorization (which opens a browser and writes a token file). The instructions do not request unrelated files, credentials, or external endpoints beyond YouTube/GCP.
Install Mechanism
Install is an npm package (@eat-pray-ai/yutu) producing the yutu binary. Installing a third-party npm binary is a normal delivery mechanism for a CLI but carries the usual supply-chain risk; the package origin (GitHub repo provided) should be checked before installing in sensitive environments.
Credentials
The skill requires only OAuth client credentials and a cached token (YUTU_CREDENTIAL, YUTU_CACHE_TOKEN) and documents these variables. These are proportional and expected for a YouTube API client.
Persistence & Privilege
always is false; the skill does not request elevated system persistence or modify other skills' configuration. Runtime behaviour is limited to invoking the yutu CLI and reading/writing the documented credential/token files.
Assessment
This skill is coherent: it expects the yutu CLI and Google OAuth credentials to call the YouTube API. Before installing, verify the npm package and GitHub repo (owner, recent releases, issues) to ensure you trust the publisher. Use a least-privilege OAuth client/project, avoid reusing high-privilege credentials, and keep client_secret.json and youtube.token.json in a safe location. If you are concerned about supply-chain risk, review the package source or run yutu in an isolated environment (container or VM) rather than your primary system.

Like a lobster shell, security has layers — review code before you run it.

Version tags: 0.10.6-3, 0.10.7-dev, latest

Runtime requirements

🎬🐰 Clawdis
Bins: yutu
Env: YUTU_CREDENTIAL, YUTU_CACHE_TOKEN
Config: client_secret.json, youtube.token.json
Primary env: YUTU_CREDENTIAL

Install

Node
Bins: yutu
npm i -g @eat-pray-ai/yutu
