Trust Assessment
youtube-summarize received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings: network egress to untrusted endpoints (critical), potential command injection via `VIDEO_URL` in shell commands (high), and an unpinned `yt-dlp` dependency in the manifest (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to a known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses; legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-ppfxa/SKILL.md:10 |
| HIGH | Potential command injection via `VIDEO_URL` in shell commands | The `VIDEO_URL` placeholder is substituted textually into shell commands (e.g., `yt-dlp ... "VIDEO_URL"`). The surrounding double quotes do not help when the substituted value itself contains a double quote: a `VIDEO_URL` such as `https://example.com/video?id="; rm -rf /; #` closes the quoted argument and appends its own command. If the executing agent does not validate or escape `VIDEO_URL` before substitution, this leads to arbitrary command execution on the host system. | The agent executing the skill must strictly validate and sanitize `VIDEO_URL` before passing it to a shell. Escape it for the target shell with a dedicated function (e.g., `shlex.quote` in Python), or avoid the shell entirely by passing an argument list to the process or by using `yt-dlp`'s Python API for user-controlled inputs. | LLM | SKILL.md:26 |
| MEDIUM | Unpinned dependency `yt-dlp` in manifest | The manifest lists `yt-dlp` without a version pin, so any future installation or update pulls whatever version is latest, which may contain breaking changes or, in the worst case, malicious code. Pinning dependencies to specific, known-good versions is essential for supply-chain security and reproducibility. | Pin `yt-dlp` to a specific, known-good version (e.g., `"package": "yt-dlp==2023.11.16"`) so installations are consistent and verifiable. Review and update the pinned version on a regular schedule. | LLM | manifest.json |
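To make the HIGH finding concrete, the following added example (not code from the youtube-summarize skill or from SkillShield) substitutes the finding's own payload into an assumed `yt-dlp` command template and tokenises the result the way a POSIX shell would, so the injected `rm` shows up as a separate command. It then shows the two remediations the finding recommends: escaping with `shlex.quote` when a shell string is unavoidable, and, preferably, validating the URL against an assumed host allow-list and handing `yt-dlp` an argument vector with no shell at all. The template, the sample URLs and the allow-listed hosts are constructed for this illustration; nothing is executed.

```python
"""Added example for the VIDEO_URL shell-injection finding.

The command template, the allow-listed hosts and the sample URLs below are
assumptions constructed for this illustration, not taken from the skill.
"""
import shlex
from urllib.parse import urlparse

# Assumed command template in the style the finding quotes: the agent replaces
# the VIDEO_URL placeholder textually, trusting the double quotes to contain it.
TEMPLATE = 'yt-dlp --write-auto-sub --skip-download "VIDEO_URL"'

# Constructed inputs: a benign video URL and the finding's injection payload.
BENIGN_URL = "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
MALICIOUS_URL = 'https://example.com/video?id="; rm -rf /; #'

# Assumed allow-list of hosts the skill is meant to handle.
ALLOWED_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com", "youtu.be"}


def vulnerable_command(video_url: str) -> str:
    """Naive textual substitution, exactly as the finding describes."""
    return TEMPLATE.replace("VIDEO_URL", video_url)


def shell_words(command: str) -> list:
    """Tokenise a command line the way a POSIX shell would, using shlex with
    punctuation_chars so that ';' becomes its own token and '#' starts a
    comment. Nothing is executed; this only shows what the shell would see."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def quoted_command(video_url: str) -> str:
    """Hardening option 1: escape the value for the shell before substitution.
    shlex.quote wraps the value in single quotes, so an embedded '"', ';' or
    '#' stays inside one argument instead of ending the command."""
    return TEMPLATE.replace('"VIDEO_URL"', shlex.quote(video_url))


def validate_video_url(video_url: str) -> str:
    """Reject anything that is not a plain http(s) URL on an allow-listed host.
    Shell metacharacters and whitespace never appear in a legitimate video URL,
    so they are rejected outright rather than escaped."""
    if any(c.isspace() or c in '"\'`$;&|<>' for c in video_url):
        raise ValueError("VIDEO_URL contains whitespace or shell metacharacters")
    parts = urlparse(video_url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("VIDEO_URL must use http or https")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {parts.hostname!r}")
    return video_url


def build_argv(video_url: str) -> list:
    """Hardening option 2 (preferred): validate, then build an argument vector
    for subprocess.run(argv) with no shell, so no quoting rules apply at all.
    '--' ends option parsing, so a URL starting with '-' cannot become a flag."""
    return ["yt-dlp", "--write-auto-sub", "--skip-download", "--",
            validate_video_url(video_url)]


if __name__ == "__main__":
    print("vulnerable:", shell_words(vulnerable_command(MALICIOUS_URL)))
    print("quoted    :", shell_words(quoted_command(MALICIOUS_URL)))
    print("argv      :", build_argv(BENIGN_URL))
    try:
        build_argv(MALICIOUS_URL)
    except ValueError as exc:
        print("rejected  :", exc)
```

Running the script prints the vulnerable tokenisation, in which `rm -rf /` appears as a second command after the `;` separator, while the `shlex.quote` version keeps the whole payload as one argument. The `build_argv` path is the one to use in practice: the validated URL goes to `subprocess.run(build_argv(url), check=True)` as a list, so the shell is never involved and the allow-list rejects the payload before anything is built.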
Report: https://skillshield.io/report/b19d5a2dd9fcaa3d