Back to skill

Security audit

ClawHub - YouTube Downloader & Clipper

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform the advertised YouTube clipping/downloading task, but it should be reviewed because it can silently install a Python package and run generated local scripts from user-provided inputs.

Install only if you are comfortable with the agent downloading YouTube media, writing files locally, running a temporary Python script, and possibly installing yt-dlp from pip. For safer use, preinstall yt-dlp in an isolated environment, run from a dedicated downloads directory, and avoid privileged or shared Python environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation is materially misleading: it advertises a 'pure Python' and 'no binary dependencies' solution while later requiring ffmpeg for audio extraction and fallback clipping. Users may run the skill under incorrect assumptions about what will be installed or executed, which weakens informed consent and can lead to unexpected binary execution in security-sensitive environments.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to auto-install packages and generate then execute Python code derived from user inputs. In an agent context, this expands capabilities beyond simple media processing and can enable supply-chain risk, unsafe code execution patterns, and abuse of the host environment if inputs are insufficiently constrained.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly states that the skill will auto-install yt-dlp via pip if it is missing, but it does not clearly warn users that running the skill may modify their local Python environment. Silent dependency installation can introduce unexpected package changes, network access, and supply-chain risk, especially in agent-driven environments where users may assume actions are read-only.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The README says clips are saved to the current working directory and supports custom output filenames, but it does not clearly warn about local file creation or possible overwrite behavior. In an automated agent context, this can lead to unintended file writes, collisions with existing files, or confusion about where artifacts are being stored.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill performs file downloads and writes output to disk, but the description does not prominently warn users that artifacts will be saved to the current working directory by default. In agent or automation contexts, silent filesystem writes can overwrite files, consume storage, or place untrusted media in sensitive directories without clear user awareness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that dependencies may be auto-installed via pip but does not present this as a prominent security warning. Automatic package installation introduces supply-chain and environment-modification risk: it can alter the runtime, pull code from external sources, and execute install-time behavior without explicit user approval, which is especially dangerous in privileged or shared environments.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill directs the agent to install yt-dlp transparently and execute generated code without a clear warning or explicit user consent. In a local agent environment, silent software installation and execution can surprise users, alter system state, and increase exposure to dependency or execution risks.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill writes temporary scripts and output files to disk, then deletes temporary files, without clearly warning the user about these file system side effects. While lower severity than arbitrary execution, undisclosed disk writes can still cause privacy, data handling, or operational issues in sensitive environments.

Missing User Warnings

Low
Confidence
94% confidence
Finding
The manifest explicitly advertises downloading and clipping YouTube media but does not disclose that the skill will perform network access and create files on disk. While this is not inherently malicious, insufficient transparency can lead users to invoke the skill without understanding its side effects, which is a legitimate security and safety concern for agent-integrated tools.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.