Skill v1.0.3

ClawScan security

M3U8 Media Downloader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 27, 2026, 1:59 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent with its stated purpose: it wraps the @lzwme/m3u8-dl CLI and ffmpeg for downloading and parsing m3u8/HLS and social sharing links; required binaries and install method match that purpose.
Guidance
This skill appears to do what it says, but take these precautions before installing or running it: 1) Review the npm package and GitHub source for @lzwme/m3u8-dl@1.9.0 (npm view and the repo) to confirm you trust it. 2) Install/run in an isolated environment (container or VM) and ensure ffmpeg comes from a trusted source. 3) If you run the WebUI, do not expose it to the public network and set a strong DS_SECRET to prevent access. 4) Be careful when supplying custom headers or cookies (they can contain credentials). 5) Avoid using the tool to fetch private/internal URLs unless you understand the security implications. If you want lower risk, use the Node API or CLI on a disposable system and inspect downloaded files before opening.

Review Dimensions

Purpose & Capability
ok: Name/description, required binaries (m3u8dl, ffmpeg), and the install formula (@lzwme/m3u8-dl@1.9.0) all directly support downloading and parsing m3u8/HLS and social sharing links. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok: SKILL.md instructs using the m3u8dl CLI (info, parser, server) and Node API; it references expected inputs (URLs, batch list files) and optional WebUI env vars. It does not instruct the agent to read unrelated system files or unrelated environment variables. Note: the skill legitimately reads user-provided files (batch lists) and can request custom headers (which may include cookies); both are functionally appropriate but can carry sensitive data if supplied.
Install Mechanism
note: Install uses an npm package formula (@lzwme/m3u8-dl@1.9.0), which is reasonable for a CLI written in Node. The package is pinned to a specific version (good). Installing an npm package is a moderate-risk operation because it writes code and binaries to disk; the user should verify the package (npm view / GitHub) before installing.
Credentials
ok: The skill requires no global secrets or unrelated credentials. It documents optional WebUI env vars (DS_PORT, DS_SECRET, DS_SAVE_DIR, DS_CACHE_DIR, DS_FFMPEG_PATH); DS_SECRET is appropriately flagged as sensitive. No disproportionate or unexplained env access is requested.
Persistence & Privilege
ok: always is false and the skill is user-invocable with normal autonomous invocation. The skill does not request permanent presence or modify other skills or system-wide settings. Running the WebUI launches a local server; that is expected behavior but should be managed carefully.