YouTube Media Downloader
by Xander Rey · GitHub · v1.0.0
Downloads: 997 · Stars: 2 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install youtube-media-downloader
Description
Download audio (MP3) and video (MP4) files from YouTube URLs. Use when users want to convert YouTube videos to files, extract music/songs, download videos fo...
Usage Guidance
This skill appears to do what it claims (download/convert YouTube media), but review and consider the following before installing or running it:
- The bundled scripts download executables at runtime (yt-dlp and ffmpeg) via curl and extract them into $HOME without verifying checksums or signatures — this can be a supply-chain/tampering risk if network or upstream sources are compromised. Prefer installing yt-dlp and ffmpeg yourself from trusted package managers or verified releases, or modify the scripts to verify checksums/signatures.
- The scripts write files into your home directory and make binaries executable; run them in a sandbox/container or as a limited user if you are concerned about filesystem changes.
- There are no unexpected environment variables or secret accesses, and the behavior matches the description (playlist support, batch files, audio/video options).
- If you plan to use this, inspect the scripts line-by-line and consider replacing the 'latest' download links with pinned versioned releases and adding integrity checks. Also be mindful of copyright and YouTube terms when downloading content.
Capability Analysis
Type: OpenClaw Skill
Name: youtube-media-downloader
Version: 1.0.0
The skill is suspicious due to severe shell injection vulnerabilities in `scripts/batch_download.sh` and `scripts/download_media.sh`. User-controlled input for output directories and filenames (e.g., via `-o` flag or `OUTPUT_FILENAME` argument) is directly interpolated into shell commands (e.g., `yt-dlp`, `ls`, `find`) without proper sanitization, allowing arbitrary command execution. Additionally, both scripts automatically download and execute external binaries (`yt-dlp` from `github.com/yt-dlp` and `ffmpeg` from `github.com/BtbN/FFmpeg-Builds`) from the internet, posing a significant supply chain risk if these external sources were compromised.
Capability Assessment
Purpose & Capability
Name/description align with implementation: scripts use yt-dlp and ffmpeg to download/convert YouTube URLs, support playlists and batch files, and expose the flags described in SKILL.md.
Instruction Scope
SKILL.md and scripts stay within the downloader scope (accept URLs/files, set quality, output paths). They instruct the agent to run bundled shell scripts that create directories in $HOME and download remote binaries (yt-dlp, ffmpeg). No instructions to read unrelated system files or to transmit data to unexpected endpoints.
Install Mechanism
The scripts auto-install yt-dlp and ffmpeg by curling files from GitHub releases (yt-dlp) and BtbN/FFmpeg-Builds and extracting into $HOME. While GitHub is a common source, the scripts use 'latest' redirects and perform no checksum/signature verification — they download and write executables to disk and mark them executable, which increases supply-chain and tampering risk.
Credentials
No environment variables, credentials, or config paths are requested. The resources accessed (yt-dlp, ffmpeg) are appropriate for the task; no unrelated secrets are requested.
Persistence & Privilege
Skill is not always-enabled and does not modify other skills or system-wide settings. It installs binaries into the user's home directory only, which is expected for a portable downloader, but still changes local filesystem state.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install youtube-media-downloader
- After installation, invoke the skill by name or use /youtube-media-downloader
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of YouTube Media Downloader.
- Download audio (MP3) and video (MP4) from YouTube URLs, including entire playlists and batch files.
- Quality options for video (best, 720p, 480p, 360p, worst); high-quality audio selected automatically.
- Supports flexible output directory, custom file naming, date-based folders, and auto-numbering in playlists.
- Range selection, max downloads, and resume support for playlists or batched URLs.
- Auto-installs dependencies (yt-dlp, ffmpeg); portable setup with no admin access needed.
- Error handling ensures robust batch processing; script usage and flag details provided.
Frequently Asked Questions
What is YouTube Media Downloader?
Download audio (MP3) and video (MP4) files from YouTube URLs. Use when users want to convert YouTube videos to files, extract music/songs, download videos fo... It is an AI Agent Skill for Claude Code / OpenClaw, with 997 downloads so far.
How do I install YouTube Media Downloader?
Run "/install youtube-media-downloader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is YouTube Media Downloader free?
Yes, YouTube Media Downloader is completely free (open-source). You can download, install and use it at no cost.
Which platforms does YouTube Media Downloader support?
YouTube Media Downloader is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created YouTube Media Downloader?
It is built and maintained by Xander Rey (@xanderrey); the current version is v1.0.0.