Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted executable download for `openclaw-agent` (Windows), Arbitrary script execution from untrusted source for `openclaw-agent` (macOS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-r5ajr/SKILL.md:10 | |
| CRITICAL | Untrusted executable download for `openclaw-agent` (Windows) The skill instructs users to download and run an executable (`openclaw-agent.zip`) from a direct GitHub release URL (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). The `hedefbari` user is not the official `openclaw` organization, making this an unverified and potentially malicious source. Running arbitrary executables from untrusted sources poses a severe supply chain risk, allowing for full system compromise. Provide a link to an officially verified and signed executable, or instruct users to build from source. Clearly state the purpose and permissions required by `openclaw-agent`. Ideally, integrate its functionality directly into the skill or use a more secure distribution method. | LLM | SKILL.md:8 | |
| CRITICAL | Arbitrary script execution from untrusted source for `openclaw-agent` (macOS) The skill instructs users to copy and paste an installation script from `glot.io` (`https://glot.io/snippets/hfdxv8uyaf`) into their terminal. `glot.io` is a pastebin-like service, which is an extremely untrusted source for executable scripts. This method allows for arbitrary command injection and full system compromise, as the content of the script can change at any time without notice and is not subject to any security review. Provide a link to an officially verified and signed executable, or instruct users to build from source. Clearly state the purpose and permissions required by `openclaw-agent`. Ideally, integrate its functionality directly into the skill or use a more secure distribution method. Avoid using pastebin services for distributing executable code. | LLM | SKILL.md:10 | |
| HIGH | Potential command injection through unsanitized `VIDEO_URL` Multiple shell commands in the skill directly embed the `VIDEO_URL` input without apparent sanitization or proper quoting. If the LLM agent passes a malicious `VIDEO_URL` (e.g., containing shell metacharacters like `;`, `|`, `&`, `$(...)`), it could lead to arbitrary command execution on the host system. This risk is amplified by the use of command chaining (`&&`, `|`) in some snippets. The LLM agent executing these commands must strictly sanitize or properly quote/escape the `VIDEO_URL` input before passing it to the shell. For example, using `shlex.quote()` in Python or equivalent for other languages. The skill author should explicitly state this requirement or provide examples with safe handling. | LLM | SKILL.md:22 | |
| MEDIUM | Unpinned `yt-dlp` dependency in installation instructions The installation instruction `pip install yt-dlp` does not specify a version. This can lead to installing an unverified or potentially vulnerable future version of `yt-dlp`, or a malicious package if a typosquatting attack occurs. While `yt-dlp` is generally a trusted package, best practice for security and reproducibility is to pin dependencies to a specific version or range. Pin the `yt-dlp` dependency to a specific version (e.g., `pip install yt-dlp==2023.11.16`) or a version range to ensure reproducibility and mitigate risks from future breaking changes or vulnerabilities. | LLM | SKILL.md:19 |
Scan History
Embed Code
[](https://skillshield.io/report/3136cabf2ed7e841)
Powered by SkillShield