Trust Assessment
TubeScribe received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 66 findings: 31 critical, 30 high, 4 medium, and 1 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Suspicious import: urllib.request.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (66)

Identical findings reported at multiple locations are grouped into one row; the Count column gives the number of individual findings in that row, and the Locations column lists every reported location (with the enclosing function name where the scanner gave one).

| Severity | Count | Finding | Layer | Locations |
|---|---|---|---|---|
| CRITICAL | 29 | Arbitrary command execution: Python shell execution (os.system, subprocess). Recommendation: review all shell execution calls; ensure commands are static (not built from user input), use absolute paths, and are strictly necessary; prefer library APIs over shell commands. | Manifest | skills/matusvojtek/tubescribe/scripts/setup.py:51, 99, 112, 138, 233, 458, 465, 502, 556, 563, 571; skills/matusvojtek/tubescribe/scripts/tubescribe.py:212, 293, 387, 641, 689, 703, 744, 785, 847, 856, 883, 923, 936, 962, 1052, 1058, 1083, 1099 |
| CRITICAL | 1 | Untrusted instructions to host LLM. The `SKILL.md` file, which is explicitly marked as untrusted input, contains direct instructions intended for the host LLM, such as "Spawn sub-agent with the full pipeline task **immediately**" and "DO NOT BLOCK". This attempts to manipulate the LLM's behavior and control its execution flow based on content that should be treated as user data or documentation, not commands. Recommendation: move all instructions intended for the host LLM outside the untrusted input delimiters; the untrusted content should contain only data or user-facing documentation, not commands for the LLM. | LLM | SKILL.md:50 |
| CRITICAL | 1 | Command injection via unsanitized LLM-generated string in `python -c`. The `SKILL.md` instructs the sub-agent to execute a Python command using `python3 -c "text = '''YOUR SUMMARY TEXT HERE''' ..."`. The `YOUR SUMMARY TEXT HERE` portion is generated by the LLM from video content. If this summary text contains triple quotes (`'''`) or other shell metacharacters, it can break out of the Python string literal and allow arbitrary code execution within the sub-agent's environment. Recommendation: instead of embedding the summary text directly in a `python -c` command, pass it to a Python script as a file path, or use another inter-process communication method that avoids shell interpolation of untrusted data; for example, `tubescribe.py` could accept a `--summary-text-file` argument. | LLM | SKILL.md:108 |
| HIGH | 29 | Dangerous call: subprocess.run(). A call to 'subprocess.run()' was detected; this can execute arbitrary code. Recommendation: avoid dangerous functions like exec/eval/os.system and use safer alternatives. | Static | skills/matusvojtek/tubescribe/scripts/setup.py: check_python_package:51; get_python_for_kokoro:99, 112; find_kokoro:138; install_with_brew:233; install_mlx_audio:458, 465, 502; install_kokoro:556, 563, 571. skills/matusvojtek/tubescribe/scripts/tubescribe.py: fetch_comments:212; get_video_metadata:293; download_transcript:387; convert_to_document:641; find_mlx_audio:689, 703; _get_or_create_mlx_blended_voice:744, 785; generate_mlx_audio:847, 856; _check_python_has_deps:883; find_kokoro:923, 936, 962; generate_kokoro_audio:1052, 1058; generate_builtin_audio:1083, 1099 |
| HIGH | 1 | Unsanitized URL in Markdown-to-HTML conversion leads to XSS. In `scripts/html_writer.py`, the `markdown_to_html` function processes `[text](url)` links, and `link_url` is inserted directly into the `href` attribute of an `<a>` tag without sanitization. A malicious user could provide a `javascript:` URL (e.g., `[click me](javascript:alert(document.domain))`) in the YouTube comments or transcript, which would execute arbitrary JavaScript when the generated HTML document is viewed in a browser. Recommendation: sanitize `link_url` so that it uses only safe schemes (e.g., `http`, `https`, `mailto`) and does not contain `javascript:` or other potentially malicious protocols; a common approach is to validate the scheme with a URL parsing library. | LLM | scripts/html_writer.py:204 |
| MEDIUM | 3 | Suspicious import: urllib.request. This module provides network or low-level system access. Recommendation: verify this import is necessary; network and system modules in skill code may indicate data exfiltration. | Static | skills/matusvojtek/tubescribe/scripts/setup.py:252, 365; skills/matusvojtek/tubescribe/scripts/tubescribe.py:37 |
| MEDIUM | 1 | Unreliable filename sanitization for `pandoc` command. The `SKILL.md` instructs the sub-agent to execute `pandoc <output_path> -o ~/Documents/TubeScribe/<safe_title>.docx`. It states "Clean the title for filename (remove special chars)", but this sanitization is left to the LLM, which is not a reliable mechanism for security-critical operations. If the LLM fails to sanitize `safe_title` properly, the result could be path traversal (e.g., `../../malicious.docx`) or command injection if the filename is interpreted by the shell in an unexpected way. Recommendation: implement robust, programmatic filename sanitization within the `tubescribe.py` script (or a dedicated utility function) before filenames are used in shell commands; do not rely on the LLM for security sanitization, and ensure `safe_title` contains only allowed characters and no path separators. | LLM | SKILL.md:102 |
| LOW | 1 | Unverified download source for `yt-dlp` binary. The `SKILL.md` states that if `yt-dlp` is not found, "setup downloads a standalone binary to the tools directory." `scripts/setup.py` and `scripts/tubescribe.py` search for `yt-dlp` in `~/.openclaw/tools/yt-dlp`, but the source URL and verification mechanism (e.g., a cryptographic hash) for this download are not specified in the provided context. This is a supply chain risk: a compromised download source could lead to installation of a malicious `yt-dlp` binary. Recommendation: specify the exact, trusted URL for downloading `yt-dlp` and include a cryptographic hash (e.g., SHA256) to verify the integrity of the downloaded binary before it is executed. | LLM | SKILL.md:270 |
Full report: https://skillshield.io/report/bf294f3ecf333351 (powered by SkillShield)