Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted Executable and Script Download/Execution, Prompt Injection via Untrusted Video Transcripts.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-l8nmj/SKILL.md:10 | |
| CRITICAL | Untrusted Executable and Script Download/Execution The skill instructs users to download and execute an untrusted binary (`openclaw-agent.zip`) from an external GitHub repository for Windows, and to copy-paste and run an arbitrary script from `glot.io` for macOS. This introduces severe supply chain risks and allows for arbitrary code execution on the user's system. The skill explicitly states that its core functionality (transcript extraction) depends on these untrusted components. Remove instructions to download and execute untrusted binaries or scripts from external, unverified sources. If `openclaw-agent` is a necessary component, it should be distributed securely, ideally as part of the skill package or from a trusted, verified source with integrity checks. For macOS, avoid instructing users to run arbitrary scripts from pastebin-like services. | LLM | SKILL.md:10 | |
| HIGH | Prompt Injection via Untrusted Video Transcripts The skill's primary workflow involves extracting video transcripts (which can contain arbitrary, potentially malicious text from YouTube captions, including user-generated content) and explicitly states 'Send to LLM for summarization'. This creates a direct and clear path for prompt injection, where a malicious actor could upload a YouTube video with specially crafted captions designed to manipulate the host LLM's behavior or extract sensitive information. Implement robust sanitization and filtering of extracted transcript content before it is fed to the LLM. This should include removing or neutralizing any text that could be interpreted as instructions or commands by the LLM. Consider using a separate, isolated LLM call for summarization that is less susceptible to prompt injection, or explicitly instruct the LLM to treat the input as raw text only. | LLM | SKILL.md:95 |
Scan History
Embed Code
[](https://skillshield.io/report/dbe3654a88369dcf)
Powered by SkillShield