Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 0 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Untrusted Executable Download and Execution (Windows), Untrusted Script Execution from Pastebin (macOS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 23/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-noyux/SKILL.md:10 | |
| CRITICAL | Untrusted Executable Download and Execution (Windows) The skill instructs users to download an executable (`openclaw-agent.zip`) from an unverified GitHub repository (`hedefbari/openclaw-agent`) and run it. This is a severe supply chain risk, as the executable's contents are untrusted and could contain malicious code, leading to arbitrary code execution and system compromise. The use of a password for extraction does not mitigate this risk. Remove instructions to download and run `openclaw-agent` from untrusted sources. If `openclaw-agent` is truly required, it must be distributed through official, verified channels (e.g., a package manager, official website with checksums, or as part of the skill's own trusted dependencies) and its purpose and security implications clearly documented. | LLM | SKILL.md:9 | |
| CRITICAL | Untrusted Script Execution from Pastebin (macOS) The skill instructs users to visit a `glot.io` snippet (a public pastebin service), copy an installation script, and paste it into their terminal for execution. This is an extremely dangerous supply chain risk and a direct path to command injection. The content of the script is entirely untrusted and could contain arbitrary malicious commands, leading to immediate system compromise. Remove instructions to execute arbitrary scripts from untrusted pastebin services. If `openclaw-agent` is truly required, it must be distributed through official, verified channels (e.g., a package manager, official website with checksums, or as part of the skill's own trusted dependencies) and its purpose and security implications clearly documented. | LLM | SKILL.md:11 | |
| HIGH | Command Injection via Unsanitized VIDEO_URL Multiple `yt-dlp` commands directly embed the `VIDEO_URL` variable into shell commands without apparent sanitization or escaping. If `VIDEO_URL` is derived from untrusted user input, a malicious user could inject arbitrary shell commands by crafting a specially formed URL (e.g., `https://example.com/video"; rm -rf /; #`). This could lead to arbitrary code execution on the host system. When constructing shell commands with user-provided input, ensure all variables are properly escaped or quoted to prevent command injection. For `yt-dlp`, consider using a library or a more robust method of passing arguments that doesn't rely on direct shell string interpolation, or explicitly sanitize the `VIDEO_URL` input (e.g., using `shlex.quote()` in Python before passing to `subprocess.run()`). | LLM | SKILL.md:20 | |
| LOW | Unpinned Dependency: yt-dlp The `pip install yt-dlp` command does not specify a version, meaning it will always install the latest available version. While `yt-dlp` is generally well-maintained, this practice can lead to unexpected breaking changes or the introduction of vulnerabilities if a future version has issues. Pinning dependencies helps ensure reproducibility and stability. Pin the `yt-dlp` dependency to a specific version (e.g., `pip install yt-dlp==2023.10.13`) to ensure consistent behavior and mitigate risks from future updates. Regularly review and update pinned versions. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/3a31494202a8985b)
Powered by SkillShield