v1.0.2

video2podcast

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:10 AM.

Analysis

The skill mostly matches its video-to-podcast purpose, but it reads browser login cookies by default and makes an overconfident privacy claim about them.

Guidance: Install only if you are comfortable giving the skill Cloudflare R2 bucket write access and potentially letting it use browser login cookies for video downloads. Before using it, set VIDPOD_COOKIE_BROWSER=none unless you specifically need authenticated downloads, and use a dedicated R2 bucket/token for this feed.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
"VIDPOD_COOKIE_BROWSER" ... "Default: safari. Cookies are read locally and never transmitted."

The artifact claims cookies are never transmitted, while the code configures yt-dlp to use browser cookies for video downloads. That wording may lead users to underestimate the privacy and account-session impact.

User impact: A user may enable or leave on browser-cookie access without realizing those cookies can be used in network requests to the video service.
Recommendation: Replace the claim with a precise warning that cookies may be used to authenticate requests to source sites, and require explicit opt-in before reading a browser cookie store.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
pip3 install yt-dlp boto3

The skill depends on external pip packages without pinned versions. These dependencies are expected for downloading videos and using R2, but they are still part of the trusted runtime.

User impact: Future package changes could affect what code runs when the skill is installed or used.
Recommendation: Install from trusted package indexes, consider pinning versions, and keep dependencies updated intentionally.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/video_podcast.py
cookie_browser = os.environ.get("VIDPOD_COOKIE_BROWSER", "safari") ... ydl_opts["cookiesfrombrowser"] = (cookie_browser,)

The downloader reads a local browser cookie store by default and gives those cookies to yt-dlp when fetching URLs. Browser cookies are session credentials, so this is high-impact account access.

User impact: The skill may use your logged-in browser session to access YouTube or other supported sites, including restricted content tied to your account.
Recommendation: Default to VIDPOD_COOKIE_BROWSER=none unless the user explicitly opts in, declare browser cookies as sensitive credentials, and limit cookie use to clearly approved downloads.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Set permissions: **Object Read & Write** on your bucket

The skill needs Cloudflare R2 write access to publish the podcast feed and audio files. This is purpose-aligned, but it gives the skill authority to mutate objects in the configured bucket.

User impact: If misconfigured or misused, the R2 token could change or overwrite files in the podcast bucket.
Recommendation: Use a dedicated R2 bucket and a least-privilege token limited to that bucket; rotate the token if you stop using the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/video_podcast.py
STATE_FILE = Path.home() / ".openclaw" / "video-podcast-state.json"

The skill stores a persistent local state file containing episode and processed-URL data so it can maintain the feed across runs.

User impact: Your local machine may retain a history of videos added to the podcast feed.
Recommendation: Review or delete ~/.openclaw/video-podcast-state.json if you want to clear the local feed history.