Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 0 high, 1 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Skill requires execution of untrusted external binaries/scripts", and "Use of `python3 -c` for inline script execution".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-beqh9/SKILL.md:10 |
| CRITICAL | **Skill requires execution of untrusted external binaries/scripts.** The skill explicitly instructs users to download and execute an 'openclaw-agent.zip' executable from an external GitHub release (Windows) and to copy/paste an arbitrary script from 'glot.io' (macOS). This constitutes a critical command injection and excessive permissions vulnerability, as the content of these external resources is not auditable within the skill package and can perform any action on the user's system. The password 'openclaw' for the zip file is also suspicious, suggesting a hidden or protected payload. Remove instructions for downloading and executing unverified external binaries or scripts. If 'openclaw-agent' is truly necessary, it must be included within the skill package, open-sourced, and subject to security review, or a secure, auditable installation method must be provided. | LLM | SKILL.md:7 |
| MEDIUM | **Use of `python3 -c` for inline script execution.** The skill examples frequently use `python3 -c` to execute Python code directly from the command line. While the provided Python snippets are hardcoded and appear safe, this pattern is a powerful command injection vector. If the LLM were to dynamically construct the Python code string based on untrusted user input, it could lead to arbitrary code execution. This exposes a dangerous pattern that could be exploited by a malicious prompt or an LLM error. Avoid using `python3 -c` for executing complex logic. Instead, place Python scripts in separate, auditable files within the skill package and execute them directly (e.g., `python3 script.py`). If inline execution is unavoidable, ensure all inputs to the Python script are strictly validated and sanitized, and consider using a more constrained execution environment. | LLM | SKILL.md:52 |