Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 0 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Potential Command Injection via VIDEO_URL in shell commands, `openclaw-agent` for macOS distributed via unversioned pastebin.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-35o20/SKILL.md:10 | |
| CRITICAL | `openclaw-agent` for macOS distributed via unversioned pastebin The skill instructs macOS users to install `openclaw-agent` by copying and pasting a script from `glot.io/snippets/hfdxv8uyaf`. `glot.io` is a pastebin-like service where the content of the script can be changed at any time by the snippet owner without notice. This allows for arbitrary code execution on the user's machine if the snippet is modified maliciously, posing a severe supply chain risk. Distribute `openclaw-agent` via a secure, versioned, and immutable source (e.g., a signed release on GitHub, a package manager, or a dedicated download server with checksums). Avoid using dynamic content platforms like pastebins for critical software installation. | LLM | SKILL.md:10 | |
| HIGH | Potential Command Injection via VIDEO_URL in shell commands Multiple shell commands in SKILL.md directly embed the `VIDEO_URL` placeholder. If the AI agent substitutes user-provided input directly into `VIDEO_URL` without proper shell escaping, an attacker could inject arbitrary shell commands. For example, a malicious `VIDEO_URL` like `"; rm -rf / --no-preserve-root; echo "` could lead to critical system compromise if the agent executes the command using `shell=True` or similar methods without sanitization. The AI agent executing these commands must ensure that `VIDEO_URL` is properly shell-escaped before being passed to `subprocess.run()` or similar shell execution functions. Alternatively, use `subprocess.run(..., shell=False)` and pass `VIDEO_URL` as a separate argument in the command list. | LLM | SKILL.md:20 | |
| LOW | Unpinned `yt-dlp` dependency The `pip install yt-dlp` command does not specify a version, meaning it will always install the latest available version. While `yt-dlp` is a reputable project, this practice can lead to unexpected breaking changes or, in a worst-case scenario, introduce a compromised version if the package repository or project itself is ever maliciously updated. Pin the `yt-dlp` dependency to a specific, known-good version (e.g., `pip install yt-dlp==2023.11.16`). Regularly review and update the pinned version. | LLM | SKILL.md:17 |
Scan History
Embed Code
[](https://skillshield.io/report/e5416bb36953535e)
Powered by SkillShield