Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 0 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Potential Command Injection via unsanitized VIDEO_URL, and Execution of arbitrary script from untrusted source (glot.io).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 38/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-8edua/SKILL.md:10 |
| CRITICAL | Execution of arbitrary script from untrusted source (glot.io): The skill instructs users to copy and paste an installation script from `glot.io` into their terminal to install `openclaw-agent`. `glot.io` is a code snippet sharing service and is not a trusted software distribution platform. Running arbitrary scripts from such a source poses a severe supply chain risk, as the content of the script could be malicious, leading to system compromise, data exfiltration, or other severe security breaches. Remove the instruction to download and execute scripts from `glot.io`. Provide a trusted, verifiable installation method for `openclaw-agent` (e.g., signed package, official repository, or include the agent within the skill package if it's small and open-source, with clear source code). | LLM | SKILL.md:16 |
| HIGH | Potential Command Injection via unsanitized VIDEO_URL: Multiple `yt-dlp` commands in the skill directly embed the `VIDEO_URL` parameter into shell commands. If the `VIDEO_URL` contains shell metacharacters (e.g., `;`, `\|`, `&`, `$(...)`), an attacker could inject arbitrary commands that would be executed by the underlying shell. The skill provides these command templates without explicit sanitization instructions for the LLM, creating a vulnerability if the LLM does not properly escape user-provided input. The LLM orchestrating this skill must ensure that all user-provided inputs, especially `VIDEO_URL`, are properly sanitized or shell-escaped before being interpolated into shell commands. For example, using `shlex.quote()` in Python or similar mechanisms in other languages. | LLM | SKILL.md:29 |
| HIGH | Download and execution of unsigned executable from third-party GitHub repository: The skill instructs users to download and run an executable (`openclaw-agent.zip`) from a specific user's GitHub releases (`hedefbari/openclaw-agent`). While GitHub is a legitimate platform, downloading and executing binaries from individual repositories without further verification (e.g., code signing, checksums, or a well-established reputation for the project) introduces a supply chain risk. The executable could be tampered with or contain malicious code. Provide a more secure and verifiable distribution method for `openclaw-agent`. This could include official package managers, signed binaries, or clear instructions for users to verify the integrity of the downloaded executable (e.g., by checking cryptographic hashes against a trusted source). | LLM | SKILL.md:13 |
| LOW | Unpinned `yt-dlp` dependency: The skill's manifest specifies `pip install yt-dlp` without a version specifier. This means the latest version of `yt-dlp` will always be installed. While `yt-dlp` is a reputable project, relying on the 'latest' version can introduce instability or unexpected behavior if a new version introduces breaking changes or, in a worst-case scenario, a malicious update. Pinning dependencies is a best practice for security and reproducibility. Pin the `yt-dlp` dependency to a specific, known-good version (e.g., `yt-dlp==2023.11.16`) in the manifest. Regularly update the pinned version after verifying compatibility and security. | LLM | SKILL.md:24 |