Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned dependency in manifest and installation instructions, Direct download and execution of unpinned external binary.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-tvtrh/SKILL.md:10 | |
| CRITICAL | Arbitrary code execution via unverified external script (glot.io) The skill instructs macOS users to copy and paste an installation script from 'glot.io/snippets/hfdxv8uyaf' into their terminal. This is a critical security vulnerability as the content of the script is not auditable within the skill package and can be changed at any time by the snippet owner. Executing arbitrary, unverified code from an external source can lead to full system compromise, including data exfiltration, credential harvesting, or further command injection. NEVER instruct users to execute arbitrary code from unverified external sources like code-sharing snippets. If an installation script is required, it must be included directly within the skill package, be auditable, and ideally signed or checksummed. Alternatively, provide instructions for installing via a trusted package manager. | LLM | SKILL.md:13 | |
| HIGH | Direct download and execution of unpinned external binary The skill instructs users to download and execute an external binary ('openclaw-agent.zip') from a GitHub release URL that uses the 'latest' tag. This means the content of the binary can change at any time without review, posing a significant supply chain risk. Executing unverified binaries can lead to system compromise. The 'pass: openclaw' for extraction is also unusual and potentially suspicious. Avoid direct downloads of unpinned binaries. If an external agent is strictly necessary, provide a mechanism for secure, auditable installation, ideally from a trusted package manager or by including the source code within the skill package. If a binary must be used, pin it to a specific version and provide checksums for verification. | LLM | SKILL.md:10 | |
| MEDIUM | Unpinned dependency in manifest and installation instructions The 'yt-dlp' package is specified without a version constraint in both the skill manifest and the installation instructions. This can lead to unexpected behavior, breaking changes, or the introduction of vulnerabilities if a future version of the package contains malicious code or incompatible changes. It is best practice to pin dependencies to specific versions to ensure reproducibility and security. Pin the 'yt-dlp' dependency to a specific, known-good version (e.g., `yt-dlp==2023.11.16`) in both the manifest and the installation instructions. Regularly review and update the pinned version. | LLM | SKILL.md:26 | |
| MEDIUM | Potential command injection via unescaped user input in shell commands Multiple shell commands use 'VIDEO_URL' directly within double quotes. If the agent executing this skill does not properly sanitize or escape the 'VIDEO_URL' input before constructing the shell command, a malicious user could inject shell metacharacters (e.g., `$(command)`, `;`, `&&`) into the URL, leading to arbitrary command execution on the host system. While 'yt-dlp' itself might handle its arguments safely, the shell context is vulnerable. Ensure that all user-provided inputs passed to shell commands are rigorously sanitized and properly escaped for the target shell. For example, use a dedicated shell escaping function provided by the agent's runtime environment, or pass inputs as separate arguments to `subprocess.run` with `shell=False` if possible, rather than constructing a single shell string. | LLM | SKILL.md:31 |
Scan History
Embed Code
[](https://skillshield.io/report/e2edf8999f7c2acb)
Powered by SkillShield