Safety Report

Universal Video Downloader

Name: Universal Video Downloader
Rating: 5 (6 reviews)
Author: ItzSubhadip

Download videos from YouTube, Instagram, TikTok, Twitter/X, and 1000+ other sites using yt-dlp. Supports quality selection and automatic cleanup. Use when a user provides a video link from any platform and wants to download it.

1,349Downloads

2Installs

6Stars

3Versions

Customer Support1,744 Video & Audio1,618 Social Media1,367 Networking & DNS1,102

Security Analysis

high confidence

Clean

The skill is internally consistent: it expects yt-dlp and ffmpeg and its code/instructions match the stated purpose of downloading videos; it does not request unrelated credentials, hidden endpoints, or unusual installs.

Feb 11, 20262 files

Purpose & Capabilityok

Name/description match the requested binaries (yt-dlp, ffmpeg) and the included script implements info and download actions using yt-dlp. No unexplained environment variables, packages, or external services are requested.

Instruction Scopeok

SKILL.md instructs the agent to call the provided script to fetch formats and download, send the file via the message tool, and then delete it. The instructions do not attempt to read unrelated files, environment variables, or transmit data to unexpected endpoints. The required cleanup step is explicit.

Install Mechanismok

There is no install spec (instruction-only with a bundled script). That lowers install risk; the skill relies on existing system binaries (yt-dlp, ffmpeg) which must be provided by the environment.

Credentialsok

The skill requests no credentials or config paths. The lack of env secrets is proportional to a downloader tool. The included script runs yt-dlp (which will access network resources) — this is expected and aligned with purpose.

Persistence & Privilegeok

always:false (no forced presence) and normal autonomous invocation settings. The skill does not request persistent system-wide changes or modify other skills' configurations.

Guidance

This skill appears to do exactly what it claims, but take these practical precautions before installing: 1) Ensure yt-dlp and ffmpeg are installed from trusted sources (distribution packages or official releases) because the skill runs those binaries. 2) Be aware yt-dlp will fetch remote content (network activity is expected). 3) Confirm you have permission to download the content (copyright and platform terms). 4) Make sure the agent has permission to write and delete files in its working directory; the SKILL.md requires immediate deletion after upload to free disk space. 5) If you do not want the agent to download files without explicit user confirmation, restrict autonomous invocation or require explicit user prompts. Overall the skill is coherent and contains no evident exfiltration or unrelated credential requests.

Latest Release

v1.0.2

Clarified cleanup instructions: agent must run rm after sending file.

More by @ItzSubhadip

YouTube Transcript (yt-dlp captions)

0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Published by @ItzSubhadip on ClawHub