ClawHub

YouTube Video Abuse Report Reason

v0.10.7-dev

Manage YouTube video abuse report reasons. Use this skill to list available abuse report reasons. Useful when working with YouTube video abuse report reason...

0· 166·0 current·0 all-time
by@openwaygate
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (yutu), env vars (YUTU_CREDENTIAL, YUTU_CACHE_TOKEN), and config paths (client_secret.json, youtube.token.json) all align with a YouTube API CLI that requires OAuth credentials and a cached token.
Instruction Scope
SKILL.md instructs only to install yutu, configure OAuth, and run yutu videoAbuseReportReason list. It does not ask the agent to read unrelated system files, contact unexpected endpoints, or exfiltrate data beyond the YouTube API credentials/token needed for operation.
Install Mechanism
Install uses an npm package (@eat-pray-ai/yutu) that provides the yutu binary. npm installs are a common distribution method but carry moderate risk compared to vetted OS package managers or source-reviewed binaries; this is expected for a JS CLI but users should verify the package/publisher.
Credentials
Required env vars and config paths map directly to OAuth client secret and cached token for Google/YouTube. The number and type of credentials requested are proportionate to the stated functionality.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and only installs a CLI binary for explicit user invocation. Autonomous model invocation is allowed by default but not combined with other concerning privileges here.
Assessment
This skill appears internally consistent: it installs a yutu CLI and needs Google OAuth credentials + a cached token to call the YouTube API. Before installing, verify the @eat-pray-ai/yutu package and its GitHub repo (publisher identity, recent commits, releases) to ensure you trust the maintainer. Use a dedicated GCP OAuth client with minimal scopes and do not reuse high-privilege credentials. Keep client_secret.json and youtube.token.json in a secure location; if you revoke access later, rotate or delete the token. Remember npm packages can run code during install—review the package source or prefer installing from an audited release if that is a concern.

Like a lobster shell, security has layers — review code before you run it.

0.10.6-3vk9743b2a69zf621375ys1pjj9n82tabh0.10.7-devvk977eqb25yy3rmgb3szkk7rsrn82wwztlatestvk977eqb25yy3rmgb3szkk7rsrn82wwzt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬🐰 Clawdis
Binsyutu
EnvYUTU_CREDENTIAL, YUTU_CACHE_TOKEN
Configclient_secret.json, youtube.token.json
Primary envYUTU_CREDENTIAL

Install

Node
Bins: yutu
npm i -g @eat-pray-ai/yutu

Comments