ClawHub - YouTube Downloader & Clipper

The skill is classified as suspicious due to the agent being instructed to execute `pip install yt-dlp` in `prompt.md` if the module is not found. While `yt-dlp` is a legitimate package, granting the agent the capability to run `pip install` allows it to install arbitrary Python packages, which is a high-risk operation. Additionally, the agent is instructed to generate and execute Python code based on user input, which, despite instructions for filename sanitization, presents a significant attack surface if not perfectly secured by the agent's runtime environment.