Skill v1.0.3
ClawScan security
u2-downloader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 25, 2026, 2:09 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is an instruction-only wrapper that sends a user-provided API key to an unknown third-party service to download YouTube videos. The functionality is plausible, but the package lacks a source or homepage and fails to declare the required credential, so caution is warranted.
- Guidance: This skill routes downloads through an unvetted third party (u2foru.site) and asks you to generate and paste a bearer API key, a payment-capable secret, into OpenClaw. Before installing: verify the vendor (look for a reputable homepage or source repo), confirm how OpenClaw stores and scopes the API key (is it stored only for this skill, and encrypted?), review the service's billing and privacy terms, and prefer skills with published source code or well-known providers. If you only need downloads, consider running a local tool you control (e.g., yt-dlp) instead of giving a third party an API key. If you proceed, use a dedicated API key with minimal funds and monitor your account for unexpected charges.
Review Dimensions
- Purpose & Capability (concern): The described purpose (YouTube downloader via a pay-per-use API) matches the runtime instructions, which call https://u2foru.site endpoints. However, the registry metadata declares no primary credential or required env vars, while SKILL.md explicitly instructs the user to obtain and provide an API key (format sk-yt-xxxxx). The absence of a declared credential in the package metadata is an inconsistency.
- Instruction Scope (note): SKILL.md is instruction-only and stays within the stated purpose: it tells the agent to send requests to the vendor API and to include a bearer API key. It does not instruct reading local files or other system credentials. However, it directs the user to register at an external, unvetted domain (u2foru.site) and to paste the API key into OpenClaw, which is a sensitive user action.
- Install Mechanism (ok): There is no install script or code to download; the skill is instruction-only. This keeps disk-write and code-execution risk low. The Quick Install references a URL for installing the skill via OpenClaw, but there is no archive or remote code fetch specified in the skill package itself.
- Credentials (concern): The skill requires a secret API key to operate, which is reasonable for a paid third-party API. But the package metadata does not declare this credential (primaryEnv missing), so the required secret is not explicit in the registry. The external service is unknown and pay-per-use; providing a key may enable billing/charges and potential misuse. No other credentials are requested.
- Persistence & Privilege (ok): The skill does not request always: true, does not include installs that modify other skills, and is not requesting elevated or persistent system privileges. Autonomous invocation remains allowed (platform default) but does not combine with other high-privilege flags here.
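The Purpose & Capability and Credentials findings above both come down to one mechanical check: the runtime instructions in SKILL.md tell the agent to send a bearer secret to an external domain, while the registry manifest declares no credential at all. The following is an added example, not ClawScan's code or anything shipped with u2-downloader, of how a reviewer could reproduce that check offline. The manifest layout (a JSON object with primaryEnv, requiredEnv, homepage, source and always keys) and the SKILL.md text are constructed for the example and are assumptions about how a registry might describe a skill; the domain u2foru.site and key prefix sk-yt- are taken from the report.

```python
import json
import re
from dataclasses import dataclass

# Constructed sample package. The manifest keys (primaryEnv, requiredEnv,
# homepage, source, always) are an ASSUMED registry layout for illustration;
# the SKILL.md text is likewise constructed, not the real package contents.
SAMPLE_MANIFEST = json.dumps({
    "name": "u2-downloader",
    "version": "1.0.3",
    "homepage": None,
    "source": None,
    "primaryEnv": None,
    "requiredEnv": [],
    "always": False,
})

SAMPLE_SKILL_MD = """\
# u2-downloader

1. Register at https://u2foru.site and generate an API key (format sk-yt-xxxxx).
2. Paste the key into OpenClaw.
3. To download, POST https://u2foru.site/api/v1/download with header
   `Authorization: Bearer <your API key>` and body `{"url": "<youtube url>"}`.
"""

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
# Signals that the instructions expect the agent or user to hold a secret.
CRED_SIGNALS = [
    re.compile(r"\bAuthorization:\s*Bearer\b", re.I),
    re.compile(r"\bAPI key\b", re.I),
    re.compile(r"\bsk-[A-Za-z0-9-]{3,}"),  # key-format hints such as sk-yt-xxxxx
]


@dataclass
class Finding:
    dimension: str
    level: str   # "ok" | "note" | "concern", mirroring the report's badges
    detail: str


def extract_domains(skill_md: str) -> set:
    """Hosts the instructions tell the agent to contact at runtime."""
    return {m.group(1).lower() for m in URL_RE.finditer(skill_md)}


def declared_envs(manifest: dict) -> set:
    """Credentials the manifest actually declares (assumed key names)."""
    envs = set()
    if manifest.get("primaryEnv"):
        envs.add(manifest["primaryEnv"])
    envs.update(manifest.get("requiredEnv") or [])
    return envs


def mentions_credential(skill_md: str) -> bool:
    return any(p.search(skill_md) for p in CRED_SIGNALS)


def review(manifest_json: str, skill_md: str, known_domains=frozenset()) -> list:
    manifest = json.loads(manifest_json)
    findings = []
    domains = extract_domains(skill_md)
    envs = declared_envs(manifest)
    needs_cred = mentions_credential(skill_md)

    # Core inconsistency: instructions require a secret, manifest declares none.
    if needs_cred and not envs:
        findings.append(Finding("Credentials", "concern",
            "SKILL.md instructs the user to supply a secret but the manifest "
            "declares no primaryEnv/requiredEnv"))
    elif needs_cred:
        findings.append(Finding("Credentials", "ok",
            f"secret declared as {sorted(envs)}"))

    unknown = sorted(d for d in domains if d not in known_domains)
    if unknown:
        # A secret sent to an unvetted host is worse than a plain unvetted fetch.
        findings.append(Finding("Purpose & Capability",
            "concern" if needs_cred else "note",
            f"runtime instructions call unvetted domains: {', '.join(unknown)}"))

    if not manifest.get("homepage") and not manifest.get("source"):
        findings.append(Finding("Purpose & Capability", "note",
            "no homepage or source repository declared"))

    if manifest.get("always"):
        findings.append(Finding("Persistence & Privilege", "concern",
            "skill requests always: true"))
    else:
        findings.append(Finding("Persistence & Privilege", "ok",
            "no always: true or elevated privilege requested"))
    return findings


def verdict(findings: list) -> str:
    """Simple roll-up (my own rule, not the scanner's): any concern is suspicious."""
    if any(f.level == "concern" for f in findings):
        return "suspicious"
    return "caution" if any(f.level == "note" for f in findings) else "ok"


if __name__ == "__main__":
    fs = review(SAMPLE_MANIFEST, SAMPLE_SKILL_MD, known_domains={"api.openai.com"})
    for f in fs:
        print(f"{f.dimension} ({f.level}): {f.detail}")
    print("verdict:", verdict(fs))
```

Running it on the constructed package yields the same two concerns the report raises (undeclared credential, unvetted domain contacted with that credential) plus the missing homepage/source note. Declaring the credential in the manifest clears the Credentials concern but not the domain one, which is the right outcome: a properly declared key pasted into an unvetted service is still a payment-capable secret leaving your control.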
