Trust Assessment
youtube-music-cast received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized User Input, Home Assistant Long-Lived Access Token Stored in Plaintext, Local HTTP Server Exposes Downloaded Files on Network.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized User Input The skill describes commands such as `cast-download <URL>` and `cast-play <file>`. User-provided URLs and filenames are passed to underlying shell commands (`yt-dlp`, `ffmpeg`, `curl`, `python3 -m http.server`). If these inputs are not properly sanitized or quoted when interpolated into shell commands within the `scripts/*` files, a malicious user could inject arbitrary shell commands. For example, a specially crafted filename (e.g., containing shell metacharacters like `;`, `&`, `|`) could execute arbitrary commands when `cast-play` attempts to use it. The 'File Naming Best Practices' section implicitly acknowledges the importance of clean filenames, suggesting that filenames are indeed processed by shell commands. Ensure all user-provided inputs (URLs, filenames, options) are rigorously sanitized and properly quoted (e.g., using `printf %q` in bash or `shlex.quote` in Python) before being passed to any shell command or external utility. Implement strict input validation to reject malicious characters or patterns. | LLM | SKILL.md:189 | |
| INFO | Home Assistant Long-Lived Access Token Stored in Plaintext The skill stores a Home Assistant long-lived access token in a plaintext file (`~/.youtube-music-cast/config.sh`). While this is a common pattern for CLI tools, long-lived tokens are powerful and their storage in a plain-text file in the user's home directory means they are vulnerable if the user's system is compromised or if file permissions are not strictly enforced. The skill correctly advises against committing this file to Git, but the local storage method itself carries inherent risks. Consider using more secure credential storage mechanisms, such as OS-specific keychains (e.g., macOS Keychain, Linux Secret Service, Windows Credential Manager) or environment variables for sensitive tokens. If file storage is necessary, ensure strict file permissions (e.g., `chmod 600 config.sh`) are applied to restrict access to the owner only. | LLM | SKILL.md:290 | |
| INFO | Local HTTP Server Exposes Downloaded Files on Network The skill starts a Python HTTP server (`python3 -m http.server`) to serve downloaded media files over the local network. While intended for local use, if the `SERVER_IP` is misconfigured to `0.0.0.0` (all interfaces) and the host machine is directly exposed to the internet or an untrusted network segment, this could inadvertently expose the `DOWNLOAD_DIR` contents to external parties. The skill explicitly states 'accessible over your local network' and uses `/tmp/youtube-music` as the download directory, which limits the scope of exposure, but misconfiguration or an insecure network could broaden it. Ensure the HTTP server is explicitly bound to a specific local IP address (e.g., `127.0.0.1` or the local network interface IP) rather than `0.0.0.0` unless explicitly required and understood. Advise users to ensure their local network is secure and not directly exposed to the internet. | LLM | SKILL.md:152 |
Scan History
Embed Code
[](https://skillshield.io/report/84cb6c396b0f69a6)
Powered by SkillShield