Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Potential Command Injection via unsanitized VIDEO_URL, and Untrusted Binary Download (openclaw-agent for Windows).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/youtube-summarize-zserr/SKILL.md:10 |
| CRITICAL | Untrusted Binary Download (openclaw-agent for Windows). The skill instructs users to download a password-protected executable (`openclaw-agent.zip`) from a non-official GitHub user's release page (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). Running arbitrary executables from untrusted or unverified sources, especially with a provided password, poses a severe supply chain risk and could lead to the execution of malware or hidden instructions on the user's system. Provide a secure, verifiable, and officially sanctioned method for installing `openclaw-agent`. This could involve official package managers, signed binaries, or clear instructions for building from a trusted source. If `openclaw-agent` is not essential or can be replaced by a safer alternative, consider removing this dependency. | LLM | SKILL.md:14 |
| CRITICAL | Untrusted Script Execution (openclaw-agent for macOS). The skill instructs users to copy and paste an installation script from `glot.io` (a public pastebin service) into their terminal. Content on pastebin services can be modified at any time by anyone, making this an extremely dangerous practice. Executing such a script directly without review poses a critical supply chain risk and could lead to arbitrary code execution, system compromise, or hidden instructions being run on the user's macOS system. Provide a secure, verifiable, and officially sanctioned method for installing `openclaw-agent` on macOS. This could involve official package managers (e.g., Homebrew), signed binaries, or clear instructions for building from a trusted source. If `openclaw-agent` is not essential or can be replaced by a safer alternative, consider removing this dependency. | LLM | SKILL.md:17 |
| HIGH | Potential Command Injection via unsanitized VIDEO_URL. The skill demonstrates shell commands that directly embed the `VIDEO_URL` placeholder without any apparent sanitization. If the calling agent or user provides a malicious string (e.g., `'; rm -rf /; #'`) as `VIDEO_URL`, it could lead to arbitrary command execution on the host system. This vulnerability exists in multiple `yt-dlp` commands throughout the skill. The agent responsible for executing these commands must sanitize the `VIDEO_URL` input using appropriate shell escaping mechanisms (e.g., `shlex.quote` in Python) before interpolating it into the shell command. The skill documentation should also explicitly warn about this and recommend sanitization. | LLM | SKILL.md:30 |