ClawHub

ClawHub - YouTube Downloader & Clipper

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it downloads or clips YouTube media locally, but users should notice that it may install yt-dlp and write media files to disk.

Install only if you are comfortable with the skill downloading media from YouTube, creating local media files, running a temporary Python script, and possibly installing yt-dlp from pip. For tighter control, install yt-dlp yourself in an isolated environment first and use an explicit output directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The README explicitly states the skill will auto-install yt-dlp via pip if the module is missing. Allowing a skill to install packages at runtime expands its capabilities beyond simple media processing, introduces supply-chain risk, and can execute arbitrary install-time code from package dependencies. In this context, auto-installation is not strictly necessary because dependencies can be declared and installed during setup instead.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill saves downloaded media to the current working directory by default, but this operational side effect is not prominently warned about before use. In agent or automation contexts, implicit file creation can clutter sensitive directories, overwrite expected artifacts, or cause unreviewed data retention on shared systems.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill advertises automatic dependency installation via pip without a strong security warning, which is risky in agent environments because it modifies the runtime environment and pulls code from external package sources. This can introduce supply-chain risk, unexpected network access, and non-deterministic behavior, especially on production or shared hosts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill directs automatic installation of yt-dlp via pip without clear user consent, which causes unannounced modification of the execution environment. In agent contexts, silent package installation can introduce supply-chain risk, alter shared environments, and violate least-privilege or change-control expectations.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal