YouTube Video Abuse Report Reason
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is a straightforward YouTube CLI wrapper for listing abuse report reasons, but it requires installing an external CLI and using YouTube OAuth credentials.
This appears safe for its stated read-only purpose if you trust the yutu CLI. Before installing, review the OAuth permissions Google asks you to grant, keep client_secret.json and youtube.token.json private, and avoid using broader YouTube scopes than you need.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may be asked to grant YouTube account access, and the resulting token can be reused by the CLI.
The skill explicitly uses Google/YouTube OAuth credentials and a cached token. This is expected for a YouTube API integration, but it gives the CLI delegated account access.
yutu requires Google Cloud Platform OAuth credentials and a cached token to access the YouTube API.
Review the OAuth consent screen and scopes before approving access, keep client_secret.json and youtube.token.json private, and revoke the token if you stop using the tool.
The installed yutu program will run locally and handle your YouTube OAuth files.
The setup depends on installing an external CLI package. This is central to the skill's purpose, but the skill artifacts do not include the CLI source code being installed.
npm i -g @eat-pray-ai/yutu
Install only from trusted package sources, verify the project/release if possible, and keep the CLI updated from the official source.
Anyone or anything with access to the token file may be able to use the authorized YouTube API permissions.
The skill documents local persistence of an OAuth token. This is normal for OAuth-based CLI access, but the file is sensitive credential material.
After granting permission, a token is saved to `youtube.token.json`.
Store the token file in a private location, avoid committing it to source control, and delete or revoke it when no longer needed.