Play Music from YouTube

Security checks across malware telemetry and agentic risk

Overview

This skill transparently automates a visible YouTube browser player, with disclosed browser-session persistence and macOS permission needs that fit its music playback purpose.

Install only if you are comfortable letting playwright-cli control a visible browser and retain a YouTube/Google browser session on disk. Use a dedicated browser profile for this automation where possible, avoid sensitive browsing in that profile, grant macOS permissions only to a trusted local playwright-cli installation, and run the documented close/delete-data cleanup when you no longer want login state retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly mandates a persistent browser profile that saves cookies, localStorage, IndexedDB, cache, and preserves login state across restarts, but it does not warn the user about local retention of sensitive session data. This increases the risk of unintended access to the user's authenticated YouTube/Google session by later runs, other skills using the same environment, or anyone with filesystem access to the persisted profile.

Missing User Warnings

Medium
Confidence: 91%
Finding
The reference explicitly documents saving and loading browser cookies and localStorage to and from a file, which can include authentication tokens, session cookies, and other sensitive state. In a browser automation skill for YouTube playback, this can enable reuse or exfiltration of logged-in session state if operators copy examples directly, especially because the text lacks any warning about handling these files as secrets.

VirusTotal

66/66 vendors flagged this skill as clean.
