Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned dependency in manifest, Command Injection via unvalidated VIDEO_URL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-mnoqm/SKILL.md:10 | |
| CRITICAL | Unsafe external dependency installation (Windows) The skill instructs users to download `openclaw-agent.zip` from a `latest` release URL on GitHub. This URL is not version-pinned, meaning the content of the zip file can change at any time without user awareness, potentially introducing malware or backdoors. Additionally, the use of a weak, publicly known password (`openclaw`) for extraction is poor security practice. Provide a version-pinned URL for the `openclaw-agent` executable, ideally with a cryptographic hash (e.g., SHA256) for integrity verification. Avoid using weak or publicly known passwords for archives. Consider distributing the agent through a more secure and verifiable channel. | LLM | SKILL.md:10 | |
| CRITICAL | Unsafe external dependency installation (macOS) The skill instructs macOS users to copy and paste an installation script from `glot.io`, a public code pastebin. Content on pastebin sites can be modified by anyone at any time, making this an extremely high-risk method for installing software. Executing arbitrary, unverified scripts from such sources can lead to complete system compromise. Distribute installation scripts through a trusted, version-controlled repository (e.g., GitHub Gist with a specific commit hash, or directly within the skill package if appropriate) and provide instructions for verifying its integrity (e.g., SHA256 hash). Avoid instructing users to execute code from untrusted or easily modifiable sources like pastebins. | LLM | SKILL.md:12 | |
| HIGH | Command Injection via unvalidated VIDEO_URL Multiple `yt-dlp` commands directly embed the `VIDEO_URL` parameter into shell commands without proper sanitization or escaping. An attacker could craft a malicious `VIDEO_URL` (e.g., `https://www.youtube.com/watch?v=dQw4w9WgXcQ"; rm -rf / --no-preserve-root; #`) to execute arbitrary shell commands on the host system where the skill is run. Implement robust input validation and shell escaping for `VIDEO_URL` before constructing and executing shell commands. Consider using a library or framework that handles command execution securely, or pass the URL as an argument to a Python script that then calls `yt-dlp` using its API or `subprocess.run` with `shell=False` and proper argument lists. | LLM | SKILL.md:33 | |
| MEDIUM | Unpinned dependency in manifest The `yt-dlp` package is specified without a version constraint in the `install` section of the manifest. This can lead to non-deterministic builds, introduce breaking changes, or pull in vulnerable versions if a malicious update is pushed to the package index. Pin the dependency to a specific version, e.g., `"package": "yt-dlp==2023.11.16"`, or use a range constraint if specific versions are known to be compatible. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/8a471b3760e9ec93)
Powered by SkillShield