Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include network egress to untrusted endpoints, an unpinned dependency in the manifest, and external executable download and execution from an untrusted source.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to known exfiltration/webhook service. *Recommendation:* Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-3hazy/SKILL.md:10 |
| CRITICAL | **External executable download and execution from untrusted source.** The skill instructs users to download an executable (`openclaw-agent.zip`) from an external, non-official GitHub user's repository (`https://github.com/hedefbari/openclaw-agent`) and run it. The executable is password-protected, adding a layer of obscurity. Running arbitrary executables from untrusted sources poses a severe supply chain risk, as the executable could contain malware, perform malicious actions, or grant excessive permissions to an attacker. This also creates an indirect command injection risk if the agent itself processes untrusted input. *Recommendation:* Avoid instructing users to download and run arbitrary executables from external, untrusted sources. If an agent is truly necessary, it should be distributed through official, verified channels, open-sourced for review, or its functionality should be integrated directly into the skill using trusted libraries. | LLM | SKILL.md:8 |
| CRITICAL | **Arbitrary script execution from external URL via copy-paste.** The skill instructs macOS users to visit an external snippet-sharing site (`https://glot.io/snippets/hfdxv8uyaf`), copy an unknown script, and paste it directly into their terminal. This is an extremely dangerous practice, as the script could contain any arbitrary commands, leading to full system compromise, data exfiltration, or installation of malware. The content of the script is not reviewed or controlled by the skill developer. *Recommendation:* Never instruct users to copy and paste unreviewed scripts from arbitrary external websites into their terminal. Any necessary setup scripts should be included directly within the skill package, signed, or sourced from trusted, auditable repositories. | LLM | SKILL.md:11 |
| HIGH | **Potential command injection via unsanitized VIDEO_URL.** Multiple `yt-dlp` commands are shown where `VIDEO_URL` is directly interpolated into a shell command. If `VIDEO_URL` is user-controlled and not properly sanitized, an attacker could inject shell metacharacters (e.g., `; rm -rf /`, `` `evil_command` ``) into the URL string, leading to arbitrary command execution on the host system. While `yt-dlp` might handle some escaping, relying solely on the tool to sanitize all possible shell injection vectors is risky. *Recommendation:* When constructing shell commands with user-provided input, always sanitize or properly escape the input to prevent command injection. For `VIDEO_URL`, ensure it is strictly validated as a URL and any shell metacharacters are escaped before being passed to `yt-dlp`. Using a library function that safely executes external commands with arguments (e.g., `subprocess.run` with `shell=False` and passing arguments as a list) is preferred over string interpolation. | LLM | SKILL.md:24 |
| MEDIUM | **Unpinned dependency in manifest.** The `yt-dlp` package is specified as a dependency in the manifest without a version pin. This means that future installations could pull in a new, potentially breaking or malicious version of `yt-dlp` without explicit review, posing a supply chain risk. *Recommendation:* Pin the `yt-dlp` dependency to a specific, known-good version (e.g., `"yt-dlp==2023.10.13"`) in the skill's manifest. | LLM | SKILL.md |