Play Music from YouTube
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used outside the intended workflow, the agent could navigate or interact with browser pages more broadly than just pressing play.
The skill can invoke the full playwright-cli command surface through Bash. That is expected for browser-based YouTube playback, but it is broader than a single playback-only control.
allowed-tools: Bash(playwright-cli:*)
Use this skill only for YouTube music playback and keep the visible browser session in view when possible.
If you log into YouTube or Google in this automated browser, that session may remain available to the skill in later uses.
The skill intentionally persists browser profile data, including cookies and login state, for the music player session.
Always include `--persistent` when opening a new session. This saves the browser profile (cookies, localStorage, IndexedDB, cache) to disk, so login state survives session restarts.
Use a separate or low-risk browser session/account if desired, and clear the persistent profile when you no longer want login state retained.
Granting these permissions can allow the automation tool to observe or control browser UI more broadly than normal web browsing.
The skill may require broad macOS automation and visibility permissions for playwright-cli to inspect and control the browser.
Approve all to enable snapshot generation. ... Screen Recording ... Automation ... Accessibility
Grant these permissions only if you trust the local playwright-cli setup, and revoke them later if you no longer use the skill.
Local snapshot files may reveal what was searched or visible in the YouTube browser session.
Browser snapshots may be written to local files and can contain page text, search terms, and visible account UI from the automated YouTube session.
Snapshots generated by `playwright-cli` may exist in two possible locations: `$WORKSPACE/.playwright-cli/` ... `~/.playwright-cli/`
Avoid navigating this automated session to sensitive pages and periodically clear local playwright-cli snapshot/profile data if privacy matters.
The music browser may continue running and retaining session state until explicitly stopped or closed.
The browser session is designed to keep running after music starts, which is expected for playback but is still persistent local activity.
After playback begins, do not block waiting. Continue responding normally.
Use the skill's stop or close-player controls when finished, and clear persistent data if you do not want the session retained.