YouTube Subscription

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a coherent, purpose-aligned wrapper for the yutu YouTube CLI; its main risks are the expected delegated OAuth access to the account and the ability to change that account's subscriptions.

Install it only if you trust the yutu CLI source. Keep the OAuth client secret and token files private, review the Google OAuth permissions the skill requests, and require explicit confirmation of the exact channel or subscription IDs before any subscribe or unsubscribe action.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistyped or overly broad ID list could unsubscribe the account from channels it meant to keep.

Why it was flagged

The skill documents a command that can remove multiple YouTube subscriptions. This is purpose-aligned but changes account state.

Skill content
# Delete multiple subscriptions ... yutu subscription delete --ids abc123,def456
Recommendation

List the current subscriptions first, and require explicit confirmation of the exact subscription IDs before running an insert or delete.
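A guarded unsubscribe that enforces this recommendation, added here as an example; it is not code from the skill or from the yutu project. It assumes that `yutu subscription list --mine --output json` prints the subscription resources as JSON objects with an `id` field (check `yutu subscription list --help` before relying on those flags); the only yutu command taken from the skill text is `yutu subscription delete --ids`.

```shell
#!/bin/sh
# Added example, not part of the skill or of yutu: a guarded unsubscribe
# that lists the account's subscriptions, rejects any ID not in that list,
# and requires the operator to retype the exact ID list before deleting.
# Assumption: `yutu subscription list --mine --output json` prints the
# subscription resources as JSON with an "id" field. Only
# `yutu subscription delete --ids` is taken from the skill text.
set -u

# Print one subscription ID per line for the authenticated account.
current_subscription_ids() {
  yutu subscription list --mine --output json \
    | grep -o '"id": *"[^"]*"' \
    | sed 's/.*"id": *"\([^"]*\)"/\1/'
}

# Return 0 only when every comma-separated ID in $1 appears in the
# newline-separated list $2; each unknown ID is reported on stderr.
validate_ids() {
  requested=$1
  known=$2
  missing=0
  for id in $(printf '%s' "$requested" | tr ',' ' '); do
    if ! printf '%s\n' "$known" | grep -qx -- "$id"; then
      printf 'unknown subscription id: %s\n' "$id" >&2
      missing=1
    fi
  done
  return $missing
}

# Require the operator to retype the exact ID list (read from stdin).
confirm_exact() {
  expected=$1
  printf 'Retype the exact ID list to delete [%s]: ' "$expected" >&2
  read -r typed || typed=""
  [ "$typed" = "$expected" ]
}

# List, validate, confirm, and only then delete. Any failure returns
# non-zero before the delete command runs.
safe_unsubscribe() {
  ids=$1
  known=$(current_subscription_ids)
  validate_ids "$ids" "$known" || return 2
  confirm_exact "$ids" || { echo "confirmation mismatch; nothing deleted" >&2; return 3; }
  yutu subscription delete --ids "$ids"
}

# Usage: ./safe_unsubscribe.sh abc123,def456
if [ -n "${1-}" ]; then
  safe_unsubscribe "$1"
fi
```

The retype step is deliberate: a one-key "y/n" prompt is easy to accept without reading, while retyping the list forces the operator to compare each ID against the listing before the account changes.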

What this means

Anyone with access to these credential values or token files may be able to act through the configured YouTube account within the granted OAuth permissions.

Why it was flagged

The skill requires OAuth client credentials and a cached OAuth token for YouTube API access. This is expected for the integration but gives the CLI delegated account access.

Skill content
`YUTU_CREDENTIAL` | Path, base64, or JSON of OAuth client secret ... `YUTU_CACHE_TOKEN` | Path, base64, or JSON of cached OAuth token
Recommendation

Keep client_secret.json and youtube.token.json private (owner-readable only, and outside any repository), review the OAuth consent screen, and revoke the token from the Google account's third-party access settings when the skill is no longer used.
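A pre-flight check for the two credential variables, added as an example and not part of the skill or of yutu. It assumes the files are the client_secret.json and youtube.token.json named above and that `YUTU_CREDENTIAL` and `YUTU_CACHE_TOKEN` are set the way the skill's table describes: a path, base64, or raw JSON. Inline values are flagged because they land in process environments and shell history rather than in a file you can lock down.

```shell
#!/bin/sh
# Added example, not part of the skill or of yutu: verify that the OAuth
# client secret and cached token are readable only by their owner, and
# warn when YUTU_CREDENTIAL / YUTU_CACHE_TOKEN carry the secret inline
# (base64 or JSON) instead of pointing at a file.
set -u

# Return 0 when the file exists and has no group/other permission bits.
# Parses `ls -ld` rather than stat(1) so it works on GNU and BSD systems.
is_owner_only() {
  file=$1
  [ -f "$file" ] || return 1
  mode=$(ls -ld "$file" | cut -c1-10)
  # Characters 5-10 of the mode string are the group and other rwx bits.
  case "$(printf '%s' "$mode" | cut -c5-10)" in
    ------) return 0 ;;
    *) return 1 ;;
  esac
}

# Classify a variable's value as: unset, path, inline, or missing.
# Heuristic: an existing file is a path; raw JSON or a base64-only string
# is inline; anything else looks like a path to a file that is not there.
credential_form() {
  value=$1
  if [ -z "$value" ]; then
    echo unset
  elif [ -e "$value" ]; then
    echo path
  elif printf '%s' "$value" | grep -Eq '^[{]|^[A-Za-z0-9+/=]+$'; then
    echo inline
  else
    echo missing
  fi
}

# Check both variables; return non-zero if anything needs attention.
check_yutu_secrets() {
  rc=0
  for name in YUTU_CREDENTIAL YUTU_CACHE_TOKEN; do
    eval "value=\${$name-}"
    form=$(credential_form "$value")
    case "$form" in
      path)
        if is_owner_only "$value"; then
          echo "$name: $value is owner-only"
        else
          echo "$name: $value is readable by group/others; run chmod 600 on it" >&2
          rc=1
        fi ;;
      inline)
        echo "$name: holds the secret inline; prefer a path to a chmod 600 file" >&2
        rc=1 ;;
      missing)
        echo "$name: $value does not exist" >&2
        rc=1 ;;
      unset)
        echo "$name: unset" ;;
    esac
  done
  return $rc
}

# Usage: ./check_yutu_secrets.sh --check   (after exporting the YUTU_* variables)
case "${1-}" in
  --check) check_yutu_secrets ;;
esac
```

Run it once after setup and again whenever the token is refreshed; a token file rewritten by the CLI may not inherit the mode you set on the original.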

What this means

Installing the wrong or a compromised yutu package or binary could compromise the local machine and, through the stored OAuth credentials, the connected YouTube account.

Why it was flagged

The skill relies on installing an external CLI globally, and some of its setup options pull unpinned latest builds or prebuilt artifacts. This is disclosed and purpose-aligned, but it is still a supply-chain dependency.

Skill content
npm i -g @eat-pray-ai/yutu ... go install github.com/eat-pray-ai/yutu@latest ... Download a prebuilt binary from the releases page
Recommendation

Install yutu only from the intended upstream source, pin a specific release and verify its checksum or signature where the project publishes one, and avoid unofficial mirrors.
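An installer guard for this recommendation, added as an example; it is not code from the skill or from the yutu project. The npm and go commands are the ones quoted from the skill with the version pinned instead of `latest`; the SHA-256 step assumes you copy the expected digest by hand from the upstream release page (the script does not fetch it, and whether the project publishes one is not stated on this page).

```shell
#!/bin/sh
# Added example, not part of the skill or of yutu: refuse unpinned
# versions for the package-manager install paths, and for a prebuilt
# binary verify its SHA-256 digest before it goes on PATH.
# Assumption: the expected digest is obtained out of band from the
# upstream release page and passed in by the operator.
set -u

# Reject unpinned version specifiers such as "latest" or an empty string.
is_pinned_version() {
  case "$1" in
    ""|latest|main|master) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the SHA-256 of a file with whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Return 0 only when the file's digest equals the expected one
# (hex digits compared case-insensitively).
verify_sha256() {
  actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Print the install command for a pinned version; refuses unpinned input.
# It prints rather than runs the command so the operator can review it.
pinned_install_command() {
  method=$1
  version=$2
  is_pinned_version "$version" || { echo "refusing unpinned version '$version'" >&2; return 1; }
  case "$method" in
    npm) printf 'npm i -g @eat-pray-ai/yutu@%s\n' "$version" ;;
    go)  printf 'go install github.com/eat-pray-ai/yutu@%s\n' "$version" ;;
    *)   echo "unknown install method '$method'" >&2; return 1 ;;
  esac
}

# Copy a downloaded prebuilt binary to its destination only after the
# digest matches; on mismatch nothing is written.
install_verified_binary() {
  binary=$1
  expected=$2
  dest=${3:-/usr/local/bin/yutu}
  verify_sha256 "$binary" "$expected" || { echo "digest mismatch for $binary; not installing" >&2; return 1; }
  cp "$binary" "$dest" && chmod 0755 "$dest"
}

# Usage:
#   ./install_yutu.sh npm 1.2.3            -> prints the pinned npm command
#   ./install_yutu.sh bin ./yutu <sha256>  -> verifies and installs the binary
case "${1-}" in
  npm|go) pinned_install_command "$1" "${2-}" ;;
  bin)    install_verified_binary "${2-}" "${3-}" "${4-}" ;;
esac
```

Pinning alone does not protect against a compromised registry entry for that exact version, which is why the binary path keeps a digest check that is independent of the download channel.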