Trust Assessment
youtube-channels received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 8 critical, 0 high, 0 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Potential Command Injection via User Input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-channels/scripts/tapi-auth.js:467 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-channels/scripts/tapi-auth.js:468 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-channels/scripts/tapi-auth.js:472 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-channels/scripts/tapi-auth.js:473 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-channels/scripts/tapi-auth.js:581 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/youtube-channels/scripts/tapi-auth.js:688 | |
| CRITICAL | Potential Command Injection via User Input The skill's setup instructions require the agent to execute a Node.js script (`./scripts/tapi-auth.js`) with user-provided inputs (email and OTP). If the agent directly interpolates these user inputs into the shell command string without proper sanitization or quoting, a malicious user could inject arbitrary shell commands. For example, if the user provides an email like `malicious@example.com; rm -rf /`, and the agent constructs the command as `node ./scripts/tapi-auth.js register --email malicious@example.com; rm -rf /`, it would lead to arbitrary code execution on the host system. The agent must ensure that all user-provided inputs (`USER_EMAIL`, `CODE`) are properly escaped or quoted when constructing the shell command. This can be achieved by using shell-safe quoting mechanisms (e.g., `shlex.quote` in Python) or by passing arguments as a list to the execution environment (e.g., `subprocess.run(['node', './scripts/tapi-auth.js', 'register', '--email', user_email], ...)`). | LLM | SKILL.md:15 | |
| CRITICAL | Potential Command Injection via User Input The skill's setup instructions require the agent to execute a Node.js script (`./scripts/tapi-auth.js`) with user-provided inputs (email and OTP). If the agent directly interpolates these user inputs into the shell command string without proper sanitization or quoting, a malicious user could inject arbitrary shell commands. For example, if the user provides an OTP like `123456; echo PWNED`, and the agent constructs the command as `node ./scripts/tapi-auth.js verify --token TOKEN_FROM_STEP_1 --otp 123456; echo PWNED`, it would lead to arbitrary code execution on the host system. The agent must ensure that all user-provided inputs (`USER_EMAIL`, `CODE`) are properly escaped or quoted when constructing the shell command. This can be achieved by using shell-safe quoting mechanisms (e.g., `shlex.quote` in Python) or by passing arguments as a list to the execution environment (e.g., `subprocess.run(['node', './scripts/tapi-auth.js', 'verify', '--token', token, '--otp', otp_code], ...)`). | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/d58d35338e784a9a)
Powered by SkillShield