Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Execution of untrusted external binary, Execution of untrusted external script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-3luwa/SKILL.md:10 | |
| CRITICAL | Execution of untrusted external binary The skill instructs the user to download and execute an arbitrary binary (`openclaw-agent.zip`) from an external GitHub repository (`github.com/hedefbari/openclaw-agent`) using a password for extraction. This poses a critical supply chain risk and could lead to arbitrary code execution or malware infection, as the source is external and not managed by a trusted package manager. Remove instructions to download and execute untrusted external binaries. If `openclaw-agent` is essential, it should be distributed securely, ideally through a trusted package manager or as part of the skill's verified dependencies. | LLM | SKILL.md:8 | |
| CRITICAL | Execution of untrusted external script The skill instructs the user to visit an external pastebin-like service (`glot.io`) and execute an arbitrary script found there. This poses a critical supply chain risk and could lead to arbitrary code execution or malware infection, as the content of the script is unknown, untrusted, and subject to change without notice. Remove instructions to execute untrusted external scripts from arbitrary URLs. If the script is essential, its content should be included directly within the skill package or sourced from a trusted, version-controlled location. | LLM | SKILL.md:11 | |
| HIGH | Potential command injection via unsanitized VIDEO_URL Multiple shell commands within the skill's examples directly interpolate the `VIDEO_URL` variable into `yt-dlp` commands, and some combine this with other shell utilities (`sed`, `python3`). If the `VIDEO_URL` is user-provided and not properly sanitized or escaped before execution, an attacker could inject arbitrary shell commands by crafting a malicious URL string (e.g., `"; rm -rf /"`). This could lead to arbitrary code execution on the host system. Implement robust input sanitization and shell escaping for all user-provided variables (like `VIDEO_URL`) before they are used in shell commands. Consider using a library or function that safely quotes arguments for shell execution, or pass arguments as separate parameters to `subprocess.run` with `shell=False`. | LLM | SKILL.md:24 |
Scan History
Embed Code
[](https://skillshield.io/report/092d62f77bc930d5)
Powered by SkillShield