mrtlearns

Onnex YouTube

by MrT · GitHub ↗ · v4.2.2
cross-platform ⚠ suspicious
370 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install onnex-youtube
Description
YouTube transcripts, 4K downloads, and video exploration. Onnex-owned fork of youtube-ultimate. Security reviewed before install.
Usage Guidance
This skill's functionality matches its description, but the package metadata omits required runtime items: you need Python packages (google-api-python-client, google-auth-*, youtube-transcript-api) and the yt-dlp binary for downloads. Before installing:
  1. Review the remainder of scripts/youtube.py to confirm how subprocess/yt-dlp is invoked and that arguments are safe.
  2. Ensure you are comfortable with the skill creating and reading files under ~/.config and storing OAuth token.pickle.
  3. Install dependencies in an isolated environment (virtualenv or sandbox) or ask the publisher for an install spec.
  4. Verify the upstream fork/source (Onnex ownership and security review claim) if provenance matters.
If you want, I can scan the rest of scripts/youtube.py (the truncated portion) for the exact yt-dlp call and any other subprocess or network usage to reduce uncertainty.
Capability Analysis
Type: OpenClaw Skill
Name: onnex-youtube
Version: 4.2.2

The skill is classified as suspicious due to a critical arbitrary file write vulnerability in `scripts/youtube.py`. The `cmd_download` and `cmd_download_audio` functions use `subprocess.run` to execute `yt-dlp` with a user-controlled `--output` argument (`args.output`). This allows an attacker to specify arbitrary directories, potentially leading to writing files to sensitive system locations (e.g., `/etc/cron.d`, `~/.bashrc`) if the agent runs with sufficient permissions, which could result in privilege escalation or persistence. Furthermore, the `SKILL.md` file contains a misleading security claim stating "subprocess used only for yt-dlp with hardcoded safe arguments," which is false given the user-controlled output path. The skill also attempts to load OAuth credentials from `~/.config/gogcli/credentials.json`, which is an unusual path and could be a privacy concern if `gogcli` is an unrelated tool.
Capability Assessment
Purpose & Capability
The name/description (YouTube transcripts, downloads, exploration) matches the included script's capabilities. However, the skill declares no required binaries or environment settings, while the code clearly expects Python libraries (google-api-python-client, youtube_transcript_api, etc.) and an external downloader (yt-dlp) for downloads. Those runtime requirements are not declared in the registry metadata or SKILL.md, which is an inconsistency.
Instruction Scope
SKILL.md and the script's CLI stay within the stated scope (search, transcripts, video details, downloads). The script will read/write files under the user's home config (~/.config/youtube-skill, ~/.config/gogcli) to store OAuth credentials and token.pickle and may open a browser for OAuth. It also uses subprocess to invoke yt-dlp for downloads; subprocess usage is expected, but inspect the actual arguments in the remainder of the script before trusting that they are safe.
Install Mechanism
There is no install specification. The script includes a comment listing Python dependencies but the skill registry shows no install steps and no required binaries. That mismatch means the agent/runtime may not have the Python packages or yt-dlp available; the skill could fail or behave unexpectedly. Lack of an explicit install step for fetching dependencies is a deployment risk.
Credentials
The skill requests no environment variables, which is consistent with using local OAuth credentials files. It will create/read ~/.config/youtube-skill and a token pickle to persist OAuth tokens; this is proportional for OAuth behavior, but you should be aware that tokens are stored on disk. One minor oddity: it also looks for credentials under ~/.config/gogcli, which is unexpected but not necessarily malicious; clarify why that path is checked.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It persists only its own credentials/token under the user's config directory, which is normal for OAuth flows.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install onnex-youtube
  3. After installation, invoke the skill by name or use /onnex-youtube
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.2.2
Onnex-owned security-reviewed fork of youtube-ultimate v4.2.2. Audited 2026-03-04 by Oppy. Clean -- false positive VirusTotal flag confirmed.
Metadata
Slug: onnex-youtube
Version: 4.2.2
License:
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Onnex YouTube?

YouTube transcripts, 4K downloads, and video exploration. Onnex-owned fork of youtube-ultimate. Security reviewed before install. It is an AI Agent Skill for Claude Code / OpenClaw, with 370 downloads so far.

How do I install Onnex YouTube?

Run "/install onnex-youtube" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Onnex YouTube free?

Yes, Onnex YouTube is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Onnex YouTube support?

Onnex YouTube is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Onnex YouTube?

It is built and maintained by MrT (@mrtlearns); the current version is v4.2.2.
