Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Youtube Music

v3.0.0

Control YouTube Music with natural language. Play, pause, skip, search, manage playlists, and queue tracks. Full playback control via browser automation.

by om yarewara @oki3505f · duplicate of @oki3505f/youtube-music
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (YouTube Music control via browser automation) lines up with the code and SKILL.md: scripts open music.youtube.com, perform searches, and call the OpenClaw browser CLI. Minor inconsistency: SKILL metadata and package.json declare a required env var YOUTUBE_MUSIC_BROWSER_PROFILE, but the main v3 scripts default to the literal profile 'openclaw' and do not actually read that env var, so the declared requirement isn't used by the shipped scripts.
Instruction Scope
SKILL.md and scripts restrict actions to starting/checking the OpenClaw browser and opening YouTube Music search/watch URLs. The code does not attempt to read unrelated system files, request unrelated credentials, or POST data to external personal servers — it controls playback by opening search/watch URLs and relying on YouTube auto-play behavior. Error handling and caching behavior are local.
Install Mechanism
No remote download/install spec is present (instruction- and script-based skill). There are local scripts and Node files bundled with the skill; nothing pulls arbitrary code from external nonstandard hosts at install time, which keeps install risk low.
Credentials
Only declared env var is YOUTUBE_MUSIC_BROWSER_PROFILE and required binary is node — both plausible for a browser-automation skill. However, the code rarely reads that env var (scripts use a hardcoded/default profile 'openclaw'), so the declared env requirement appears unnecessary or misdocumented. No other credentials (API keys, tokens, AWS creds, etc.) are requested.
Persistence & Privilege
The skill does not request 'always: true' and will not be force-included. It creates small local cache files under /tmp (and scripts reference ~/.openclaw in docs) but does not attempt to change other skills' configs or system-wide auth. Local caches are persistent across runs but limited in scope.
Assessment
What to check before installing:
- Confirm you have and trust the OpenClaw CLI/browser tool: scripts call openclaw browser commands and will try to start a browser. If you don't have OpenClaw installed, parts will fail.
- The skill writes caches (e.g., /tmp/yt_music_v3_cache.json and /tmp/yt_music_v3.json). These files may contain mapping of queries to URLs/video IDs; review or clear them if you are concerned about local persistence. The skill does not exfiltrate data to external servers.
- The package declares YOUTUBE_MUSIC_BROWSER_PROFILE but the v3 scripts default to the 'openclaw' profile and don't read that env var; if you expect the skill to use a different browser profile, either set the profile manually in scripts or confirm how your OpenClaw environment should expose it.
- The Node scripts use child_process.execSync to call openclaw; this is expected for a browser-control skill but means commands run with the agent's privileges. Only install/run this skill in an environment you trust.
- If you want lower footprint, inspect or run the bundled scripts manually first (they are contained in the skill folder) rather than enabling autonomous invocation.

Overall: behavior is coherent with the stated purpose and no obvious data-exfiltration or unrelated credential access was found — treat it as functionally appropriate but verify OpenClaw tooling and the cache behavior before enabling.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis
Bins: node
Env: YOUTUBE_MUSIC_BROWSER_PROFILE
