Trust Assessment
youtube-summarize received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Potential Command Injection via VIDEO_URL, Unpinned Dependency: yt-dlp.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-11y0i/SKILL.md:10 | |
| HIGH | Potential Command Injection via VIDEO_URL Multiple shell commands within the skill's documentation use the `VIDEO_URL` placeholder directly without apparent sanitization. If `VIDEO_URL` is populated from untrusted user input, an attacker could inject arbitrary shell commands by crafting a malicious URL (e.g., `'; rm -rf /; #'`). This could lead to arbitrary code execution and system compromise. Implement robust input sanitization for `VIDEO_URL` before it is used in shell commands. Alternatively, use a safer method for passing arguments to `yt-dlp` that prevents shell metacharacter interpretation, or ensure the execution environment strictly isolates commands. | LLM | SKILL.md:30 | |
| HIGH | Supply Chain Risk: External Script Execution for Prerequisite The skill's documentation instructs macOS users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their Terminal to install `openclaw-agent`. Executing arbitrary scripts from untrusted or volatile sources like pastebins poses a significant supply chain risk. The content of the script can change at any time without notice, potentially introducing malicious code that could compromise the user's system. Provide a stable, versioned, and auditable installation method for `openclaw-agent` (e.g., a signed package, a script hosted on a controlled domain, or direct inclusion in the skill package if appropriate). Avoid instructing users to execute code from volatile third-party paste services. | LLM | SKILL.md:16 | |
| MEDIUM | Unpinned Dependency: yt-dlp The `pip install yt-dlp` command specified in the skill's manifest and documentation does not pin the version of the `yt-dlp` package. This introduces a supply chain risk, as future installations could pull an arbitrary, potentially vulnerable, or malicious version of the package if a compromise occurs upstream or a breaking change is introduced. Pin the `yt-dlp` dependency to a specific, known-good version (e.g., `yt-dlp==2023.10.13`) in both the manifest and documentation. Regularly review and update pinned versions to incorporate security fixes. | LLM | SKILL.md:24 |
Scan History
Embed Code
[](https://skillshield.io/report/d3eb0632fb4fc957)
Powered by SkillShield