Trust Assessment
tl-dw received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 0 high, 3 medium, and 1 low severity. Key findings include Missing required field: name, Suspicious import: requests, Arbitrary file read via `--cookies` argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary file read via `--cookies` argument The `scripts/extract_transcript.py` script accepts a `--cookies` argument which specifies a path to a Netscape-format cookie file. This path is directly passed to `yt-dlp`'s `cookiefile` option. An attacker could use prompt injection to manipulate the LLM into providing a path to an arbitrary file (e.g., `/etc/passwd`, `/app/secrets.txt`) as the `--cookies` argument. `yt-dlp` would then attempt to read this file, potentially leading to data exfiltration through error messages, logs, or by processing its content as if it were a cookie file. Implement strict validation for the `--cookies` argument, ensuring it points to a file within an allowed, sandboxed directory (e.g., `tldw/cookies/`). Alternatively, if the cookie file is meant to be user-provided, the skill should explicitly instruct the LLM to *never* allow user input to directly form this path, or use a more secure method for handling credentials. | LLM | scripts/extract_transcript.py:68 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/vovavvk/tl-dw/SKILL.md:1 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/vovavvk/tl-dw/scripts/extract_transcript.py:33 | |
| MEDIUM | Disabled SSL certificate verification The `yt-dlp` configuration includes `'nocheckcertificate': True`, which disables SSL/TLS certificate verification. This makes the skill vulnerable to Man-in-the-Middle (MitM) attacks when fetching video information or captions, as it will not verify the authenticity of the servers it connects to. While sometimes used to bypass specific network issues, it significantly reduces the security posture. Remove `'nocheckcertificate': True` from the `ydl_opts` dictionary. If specific SSL issues arise, investigate and address them properly (e.g., by configuring trusted CAs) rather than disabling verification globally. | LLM | scripts/extract_transcript.py:60 | |
| LOW | Unpinned Python dependencies The `SKILL.md` instructs to install `yt-dlp` and `webvtt-py` without specifying version pins (`venv/bin/pip install yt-dlp webvtt-py`). This can lead to non-deterministic builds and introduces a supply chain risk, as future installations might pull in new versions that could contain breaking changes, security vulnerabilities, or unexpected behavior. Pin all Python dependencies to specific versions (e.g., `yt-dlp==2023.11.16`, `webvtt-py==0.11.0`) in the installation instructions or, preferably, use a `requirements.txt` file with pinned versions. | LLM | SKILL.md:108 |
Scan History
Embed Code
[](https://skillshield.io/report/e7fbff9207789b29)
Powered by SkillShield