Trust Assessment
video-transcript-downloader received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned npm dependency version, Command Injection via yt-dlp extra arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via yt-dlp extra arguments The skill allows users to pass arbitrary extra arguments to the `yt-dlp` command via the `--` separator. `yt-dlp` supports an `--exec` argument which can execute arbitrary shell commands after a download. A malicious user could leverage this to execute commands on the host system where the agent is running, leading to full system compromise if the agent has sufficient permissions. Sanitize or strictly validate the `extra` arguments passed to `yt-dlp`. Specifically, disallow or filter out dangerous arguments like `--exec`, `--postprocessor-args`, or any other argument that allows arbitrary command execution or file system manipulation outside of the intended scope. Consider using a whitelist of allowed `yt-dlp` arguments. | LLM | scripts/vtd.js:221 | |
| HIGH | Excessive Permissions: Arbitrary file write to user-specified directory The skill allows users to specify an arbitrary `outputDir` for downloaded files. If not provided, it defaults to `os.homedir()`. This means a malicious user can instruct the skill to download files to any directory the agent has write permissions to. This could lead to overwriting critical system files, dropping malicious executables in system paths, or exfiltrating data by writing to publicly accessible directories, depending on the agent's execution context and permissions. Restrict the `outputDir` to a predefined, secure, and isolated temporary directory or a sub-directory within the skill's own workspace. Do not allow users to specify arbitrary paths. If user-specified paths are absolutely necessary, implement strict validation to ensure paths are within an allowed, sandboxed directory and prevent path traversal (e.g., disallow `../`). | LLM | scripts/vtd.js:269 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/steipete/video-transcript-downloader/scripts/vtd.js:173 | |
| MEDIUM | Unpinned npm dependency version Dependency 'youtube-transcript-plus' is not pinned to an exact version ('^1.1.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/steipete/video-transcript-downloader/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/c105c23a5d1457f3)
Powered by SkillShield