Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
YouTube Music ULTRA
v3.0.0
Control YouTube Music with natural language. Play, pause, skip, search, manage playlists, and queue tracks. Full playback control via browser automation.
by om yarewara @oki3505f
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, scripts, and runtime instructions all describe browser automation for YouTube Music and the required 'node' binary is justified by the included Node.js scripts. However, the declared required env var YOUTUBE_MUSIC_BROWSER_PROFILE is not actually used by the scripts (they hardcode or default to the 'openclaw' profile). This is a mismatch that should be clarified.
Instruction Scope
SKILL.md and the scripts limit actions to controlling https://music.youtube.com via the OpenClaw browser (open/start/status, open targetUrl). The skill also stores listening/cache data (in ~/.openclaw workspace and /tmp cache files) and can auto-start the browser. Those behaviors are consistent with a playback controller, but the presence of persistent caching and a claimed 'listening history' means the skill will collect and store local user activity (privacy consideration).
Install Mechanism
There is no external download/install spec (instruction-only + shipped scripts). Nothing is pulled from arbitrary remote URLs during install, so install risk is low. The code will be written into the skill workspace when added, which is expected for a script-based skill.
Credentials
The declared env var (YOUTUBE_MUSIC_BROWSER_PROFILE) appears unnecessary (unused) — mismatch is suspicious but low risk. No API keys or unrelated credentials are requested. However, the skill requires access to the OpenClaw CLI and can start/open the browser and open arbitrary targetUrl values derived from user queries; combined with several places where shell commands are built from query text (execSync / fastExec / echo into cache files), this introduces potential for command-injection or shell-escaping issues if queries are not sanitized.
Persistence & Privilege
always:false (no forced inclusion). The skill writes cache files (e.g. /tmp/yt_music_v3_cache.json, /tmp/yt_music_v3.json and files under ~/.openclaw/workspace/skills/youtube-music) and can start the OpenClaw browser/gateway. Writing local caches and auto-starting the browser are proportionate for this purpose, but remember these artifacts persist locally and could contain user activity; also the skill can autonomously open URLs (default agent invocation allowed), which expands its operational reach — worth limiting if you don't want autonomous web actions.
What to consider before installing
This skill appears to do what it says (control YouTube Music via OpenClaw's browser), but review the code before installing:
1) Confirm you trust the OpenClaw CLI and the 'openclaw browser' commands the skill runs (it can start the browser and open arbitrary URLs).
2) The metadata asks for YOUTUBE_MUSIC_BROWSER_PROFILE but the scripts default to 'openclaw' — either remove the unused env requirement or update scripts to respect it.
3) The Node.js and bash code build shell commands and write cache files from user-provided queries (echo into files, execSync/fastExec). These are correctness/privacy risks: unsanitized input could cause shell injection or malformed cache content; cache files store listening history. Inspect/validate or sanitize input handling (or run the skill in an isolated environment) before granting it access.
4) If you allow autonomous invocation, consider the privacy implications (local cache, ability to open URLs) and whether you prefer to keep the skill user-invocable only.
Recommended actions: run the bundled test.sh in a sandbox, audit usages of execSync/fastExec/echo for proper escaping, and remove or correctly implement the YOUTUBE_MUSIC_BROWSER_PROFILE requirement. If you are not comfortable auditing the code yourself, run the skill in a restricted container or decline installation.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🎵 Clawdis
Bins: node
Env: YOUTUBE_MUSIC_BROWSER_PROFILE
