Trust Assessment
youtube-summarize received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unverified External Binary Dependency (openclawcli), Potential Command Injection via VIDEO_URL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/jordanprater/youtube-summarize/SKILL.md:10 | |
| CRITICAL | Unverified External Binary Dependency (openclawcli) The skill explicitly states that 'openclawcli' is a mandatory dependency for its core functionality ('transcript extraction and video summarization will not work without it'). However, 'openclawcli' is not declared in the skill's manifest dependencies. Instead, the skill instructs users to manually download and execute binaries from external, unverified sources (e.g., 'https://github.com/Ddoy233/openclawcli' and 'https://glot.io/snippets/hfd3x9ueu5'). This bypasses standard package management and security checks, exposing users to arbitrary code execution from potentially malicious or compromised sources. The 'glot.io' link, in particular, points to a raw code snippet, which is highly insecure for installation instructions. This represents a severe supply chain risk. All required binaries should be declared in the skill's manifest using trusted package managers (e.g., `apt`, `pip`, `npm`) with pinned versions. Avoid instructing users to download and execute arbitrary binaries from unverified URLs. If 'openclawcli' is a custom tool, it should be included within the skill package or provided via a secure, verifiable distribution channel, and its installation should be managed by the agent environment. | LLM | SKILL.md:10 | |
| HIGH | Potential Command Injection via VIDEO_URL The skill provides multiple `bash` command examples where a `VIDEO_URL` placeholder is directly interpolated into `yt-dlp` commands. If the AI agent or user directly substitutes a malicious string into `VIDEO_URL` without proper shell escaping or sanitization, it could lead to command injection. For example, `VIDEO_URL="; rm -rf /"` could execute arbitrary commands on the host system. While `yt-dlp` itself might handle URL parsing robustly, the shell context around it is vulnerable if not properly handled by the calling environment. When constructing shell commands with user-provided input (like `VIDEO_URL`), always ensure the input is properly escaped for the shell environment. For Python, use `shlex.quote()` or pass arguments as a list to `subprocess.run()` to avoid shell interpretation. The skill documentation should explicitly warn about this or provide examples using safe command construction. | LLM | SKILL.md:30 | |
| MEDIUM | Unpinned Dependency: yt-dlp The skill's manifest declares `yt-dlp` as a dependency but does not specify a version. This means `pip install yt-dlp` will always install the latest available version. While `yt-dlp` is a reputable project, unpinned dependencies can lead to unexpected breaking changes, compatibility issues, or, in a worst-case scenario, introduce vulnerabilities if a future version is compromised or contains a regression. Pin the `yt-dlp` dependency to a specific, known-good version (e.g., `"package": "yt-dlp==2023.11.16"`). Regularly review and update pinned versions to incorporate security fixes and maintain compatibility. | LLM | Manifest:1 |
Scan History
Embed Code
[](https://skillshield.io/report/a9da1d95f9bb3c1c)
Powered by SkillShield