Onnex YouTube

YouTube transcripts, 4K downloads, and video exploration. Onnex-owned fork of youtube-ultimate. Security reviewed before install.

This skill's functionality matches its description, but the package metadata omits required runtime items: you need Python packages (google-api-python-client, google-auth-*, youtube-transcript-api) and the yt-dlp binary for downloads. Before installing: 1) review the remainder of scripts/youtube.py to confirm how subprocess/yt-dlp is invoked and that arguments are safe; 2) ensure you are comfortable with the skill creating and reading files under ~/.config and storing OAuth token.pickle; 3) install dependencies in an isolated environment (virtualenv or sandbox) or ask the publisher for an install spec; and 4) verify the upstream fork/source (Onnex ownership and security review claim) if provenance matters. If you want, I can scan the rest of scripts/youtube.py (the truncated portion) for the exact yt-dlp call and any other subprocess or network usage to reduce uncertainty.

Type: OpenClaw Skill Name: onnex-youtube Version: 4.2.2 The skill is classified as suspicious due to a critical arbitrary file write vulnerability in `scripts/youtube.py`. The `cmd_download` and `cmd_download_audio` functions use `subprocess.run` to execute `yt-dlp` with a user-controlled `--output` argument (`args.output`). This allows an attacker to specify arbitrary directories, potentially leading to writing files to sensitive system locations (e.g., `/etc/cron.d`, `~/.bashrc`) if the agent runs with sufficient permissions, which could result in privilege escalation or persistence. Furthermore, the `SKILL.md` file contains a misleading security claim stating "subprocess used only for yt-dlp with hardcoded safe arguments," which is false given the user-controlled output path. The skill also attempts to load OAuth credentials from `~/.config/gogcli/credentials.json`, which is an unusual path and could be a privacy concern if `gogcli` is an unrelated tool.