Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Arbitrary Code Execution via Untrusted External Script (macOS), Direct Download of Untrusted Executable (Windows).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-k67rk/SKILL.md:10 | |
| CRITICAL | Arbitrary Code Execution via Untrusted External Script (macOS) The skill instructs macOS users to download and execute an arbitrary script from 'glot.io' by copying and pasting it into their terminal. This poses a severe supply chain risk and command injection vulnerability, as the content of the script is not controlled by the skill package and could be modified at any time to execute malicious code on the user's system. This bypasses all security checks and package management. Do not instruct users to execute arbitrary scripts from untrusted or unverified sources. Provide a self-contained installation method or a verified, signed package. If an external script is absolutely necessary, it must be hosted on a trusted, immutable source and its cryptographic hash should be provided for verification. | LLM | SKILL.md:9 | |
| HIGH | Direct Download of Untrusted Executable (Windows) The skill instructs Windows users to download an executable ('openclaw-agent.zip') directly from an external GitHub release, requiring a password for extraction. While GitHub releases are generally more reliable than arbitrary script hosts, this method bypasses standard package management and security checks, introducing a supply chain risk. The executable could be tampered with, or the repository could be compromised. The use of a password for extraction is also an unusual distribution method. Distribute necessary binaries through trusted package managers (e.g., Chocolatey, Winget) or provide clear instructions for building from source. If direct download is unavoidable, provide cryptographic hashes (e.g., SHA256) for users to verify the integrity of the downloaded file. Avoid distributing executables with passwords. | LLM | SKILL.md:7 | |
| HIGH | Potential Command Injection via Unsanitized VIDEO_URL The skill provides multiple shell command examples that use a 'VIDEO_URL' placeholder. If the AI agent directly substitutes user-provided input for 'VIDEO_URL' without proper sanitization (e.g., quoting or escaping shell metacharacters), a malicious user could inject arbitrary shell commands. For example, 'VIDEO_URL="; rm -rf /;"' could lead to data loss or system compromise. This pattern is prevalent throughout the skill's examples. The AI agent implementing this skill must ensure that all user-provided inputs, especially URLs, are properly sanitized and shell-escaped before being incorporated into shell commands. For example, by using `shlex.quote()` in Python or equivalent functions in other languages. The skill documentation should explicitly warn about this requirement. | LLM | SKILL.md:24 |
Scan History
Embed Code
[](https://skillshield.io/report/adc44a01ea0a53ac)
Powered by SkillShield