Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 0 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Mandatory installation of untrusted 'openclaw-agent' via arbitrary script/binary, yt-dlp output template command injection vulnerability.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-ohxkm/SKILL.md:10 | |
| CRITICAL | Mandatory installation of untrusted 'openclaw-agent' via arbitrary script/binary The skill explicitly requires users to install and run an external 'openclaw-agent' for its functionality. For Windows, this involves downloading and executing a binary from a specific GitHub user's release page. For macOS, it instructs users to copy and paste an arbitrary script from glot.io (a code-sharing service) into their terminal. This practice is extremely dangerous as the content of these binaries/scripts is not vetted and could contain malicious code, leading to complete system compromise. The skill's functionality is stated to depend on this agent, forcing users into a high-risk action. Remove the requirement for 'openclaw-agent'. If its functionality is truly necessary, integrate it directly into the skill's codebase, distribute it through trusted package managers, or provide a transparent, auditable, and secure installation method. Never instruct users to run arbitrary scripts from pastebin-like services or unverified binaries. | LLM | SKILL.md:10 | |
| HIGH | yt-dlp output template command injection vulnerability The `yt-dlp` command uses `%(title)s` directly in the `-o` (output filename) option. If an attacker can provide a `VIDEO_URL` pointing to a video with a maliciously crafted title (e.g., containing shell metacharacters like `$(command)`, `&&`, `;`, `|`, `>`), this could lead to arbitrary command execution on the host system when the skill attempts to save the output file. This pattern is repeated multiple times throughout the skill. Avoid using dynamic, untrusted strings directly in shell commands, especially in output paths. If `%(title)s` must be used, ensure it is properly sanitized or quoted for the shell context, or use `yt-dlp`'s API in a Python script to handle file naming programmatically, avoiding direct shell execution with untrusted input. | LLM | SKILL.md:29 | |
| LOW | Unpinned `yt-dlp` dependency The skill's manifest specifies `yt-dlp` as a required package but does not pin it to a specific version. This means that future installations could pull in a newer version of `yt-dlp` that might introduce breaking changes, new vulnerabilities, or unexpected behavior, potentially affecting the skill's stability or security. Pin the `yt-dlp` dependency to a specific, known-good version (e.g., `yt-dlp==2023.10.13`) in the skill's manifest. Regularly review and update pinned dependencies. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/957cd012d98b00bc)
Powered by SkillShield