Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Execution of untrusted external script from glot.io, Execution of untrusted external binary from GitHub releases.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-kodxd/SKILL.md:10 | |
| CRITICAL | Execution of untrusted external script from glot.io The skill instructs users to copy and paste an installation script from `glot.io` into their terminal. `glot.io` is a pastebin-like service, and the content of the script is not controlled or verified within the skill package. This poses a critical supply chain risk, as a malicious actor could modify the script on `glot.io` to execute arbitrary commands on the user's system, leading to full system compromise. This also represents a direct command injection vector. Host the installation script directly within the skill package or a trusted, version-controlled repository. Implement cryptographic verification (e.g., checksums) if external downloads are unavoidable. Avoid instructing users to execute arbitrary scripts from pastebin-like services. | LLM | SKILL.md:13 | |
| CRITICAL | Execution of untrusted external binary from GitHub releases The skill instructs users to download and execute an `openclaw-agent.zip` binary from a GitHub release. While GitHub is a common platform, the binary itself is external to the skill package and its integrity is not verified. A compromised binary could lead to arbitrary code execution and system compromise. The use of a hardcoded, publicly known password (`openclaw`) for extraction is also a minor security concern, as it offers no real protection. This also represents a direct command injection vector if the binary is malicious. Include the `openclaw-agent` within the skill package if it's essential, or provide clear instructions for users to verify its authenticity (e.g., GPG signatures, checksums). Avoid instructing users to run unverified executables. If the agent is truly external, consider sandboxing the skill's execution environment. | LLM | SKILL.md:10 | |
| HIGH | Potential command injection through unsanitized VIDEO_URL Multiple shell commands within the skill use `VIDEO_URL` directly as an argument to `yt-dlp`. If the AI agent constructs `VIDEO_URL` from untrusted user input without proper sanitization (e.g., escaping shell metacharacters), a malicious user could inject arbitrary shell commands. For example, `VIDEO_URL="example.com; rm -rf /"` could lead to data loss or system compromise. The AI agent responsible for executing this skill must ensure that all user-provided inputs, especially `VIDEO_URL`, are properly sanitized and escaped before being passed to shell commands. Consider using a library function for shell escaping or executing commands via a safer API (e.g., Python's `subprocess.run` with `shell=False` and passing arguments as a list). | LLM | SKILL.md:23 |
Scan History
Embed Code
[](https://skillshield.io/report/7fe8c507bdfeffab)
Powered by SkillShield