Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted script execution from external pastebin, External executable download and execution with hardcoded password.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-genms/SKILL.md:10 | |
| CRITICAL | Untrusted script execution from external pastebin The skill instructs users to copy and paste an installation script from `glot.io`, a public pastebin service, directly into their terminal. This allows for arbitrary code execution from an untrusted and potentially mutable source, posing a severe supply chain and command injection risk. The content of such a script can change at any time without notice. Do not instruct users to execute arbitrary scripts from untrusted external sources like pastebins. Provide a verifiable, signed, and version-controlled installation method, or include necessary setup steps directly within the skill's managed environment. | LLM | SKILL.md:9 | |
| HIGH | External executable download and execution with hardcoded password The skill instructs users to download an executable (`openclaw-agent.zip`) from an external GitHub release URL, extract it using a hardcoded password (`openclaw`), and then run it. While the URL is specific, relying on an external, unverified binary and instructing its direct execution introduces a significant supply chain risk and potential for command injection if the binary is compromised or replaced. The hardcoded password for extraction is also a poor security practice. Avoid instructing users to download and execute arbitrary external binaries. If an external tool is required, integrate it into the skill's package management system, provide cryptographic verification (e.g., checksums), or offer a more secure installation method. Remove hardcoded passwords. | LLM | SKILL.md:7 | |
| HIGH | Potential command injection through unsanitized VIDEO_URL Multiple shell commands demonstrated in the skill directly interpolate the `VIDEO_URL` variable without apparent sanitization or escaping. If the `VIDEO_URL` input contains shell metacharacters (e.g., `;`, `|`, `&`, `$(...)`), an attacker could inject arbitrary commands that would be executed by the underlying shell. This is a common vulnerability when user-controlled input is directly used in shell commands. Implement robust input sanitization and escaping for all user-provided variables (like `VIDEO_URL`) before they are used in shell commands. Prefer using subprocess libraries with argument lists (e.g., `subprocess.run(['yt-dlp', 'arg1', 'arg2', user_input])` in Python) instead of shell=True or direct string interpolation. | LLM | SKILL.md:26 | |
| MEDIUM | File creation with user-controlled filename (video title) The `yt-dlp` commands use `-o "%(title)s"` to name output files based on the video's title. While `yt-dlp` typically sanitizes filenames, if the video title contains path traversal sequences (e.g., `../`) or other malicious characters that are not fully neutralized, it could lead to files being written outside the intended directory or with unexpected names, potentially overwriting sensitive files or creating executable content in unexpected locations. When creating files based on external, untrusted data (like video titles), ensure strict sanitization of the filename to prevent path traversal or other file system manipulation. Consider writing to a temporary, isolated directory or using a fixed, unique filename. | LLM | SKILL.md:26 |
Scan History
Embed Code
[](https://skillshield.io/report/0c92c95624eef90a)
Powered by SkillShield