Trust Assessment
youtube-summarizer received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 3 critical, 1 high, 1 medium, and 1 low severity. Key findings include Node lockfile missing, Unpinned external dependency installation with arbitrary code execution, Unsanitized user input in shell command (VIDEO_ID).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unpinned external dependency installation with arbitrary code execution The skill instructs to `git clone` an external repository (`https://github.com/kimtaeyoon83/mcp-server-youtube-transcript.git`) into a system-level directory (`/root/clawd/`) without pinning to a specific commit or version. Subsequently, `npm install` and `npm run build` are executed, allowing arbitrary code from the unpinned repository to run with potentially high privileges. This poses a severe supply chain risk, as a compromise of the external repository could lead to malicious code execution on the host system. Pin the external dependency to a specific commit hash or version tag to ensure immutability. Avoid installing dependencies into system-level directories like `/root/clawd/`. Consider sandboxing or containerizing external dependencies. | LLM | package.json:25 | |
| CRITICAL | Unsanitized user input in shell command (VIDEO_ID) The `VIDEO_ID` extracted from user input is directly interpolated into a `node -e` command string, which is then executed via a shell. If `VIDEO_ID` contains shell metacharacters (e.g., `'; rm -rf /;'`), it could lead to arbitrary command injection. Sanitize or properly escape `VIDEO_ID` before interpolating it into shell commands. Use a safe method for passing arguments, such as environment variables or dedicated command-line arguments, rather than direct string interpolation. | LLM | SKILL.md:33 | |
| CRITICAL | Unsanitized user input in shell command (CHAT_ID) The `CHAT_ID` (presumably user-controlled) is directly interpolated into the `message --action send` shell command. If `CHAT_ID` contains shell metacharacters, it could lead to arbitrary command injection, allowing an attacker to execute malicious commands on the host system. Sanitize or properly escape `CHAT_ID` before interpolating it into shell commands. Use a safe method for passing arguments, such as environment variables or dedicated command-line arguments, rather than direct string interpolation. | LLM | SKILL.md:78 | |
| HIGH | Unsanitized user input in file path (VIDEO_ID) The `VIDEO_ID` is used directly in the construction of a file path (`/root/clawd/transcripts/YYYY-MM-DD_VIDEO_ID.txt`). If `VIDEO_ID` contains path traversal sequences (e.g., `../`, `/`), an attacker could write files to arbitrary locations on the filesystem, potentially overwriting critical system files or exfiltrating data. Sanitize `VIDEO_ID` to remove any path separators or special characters before using it in a file path. Ensure that the target directory for saving transcripts is restricted and not a system-critical location. | LLM | SKILL.md:70 | |
| MEDIUM | Writing user-generated content to system-level directory The skill instructs to save full transcripts, which are user-generated content, into `/root/clawd/transcripts/`. This path is within a system-level directory (`/root/clawd/`) which is generally reserved for system files or skill installations, not dynamic user data. This implies broad write permissions for the skill in a sensitive area, which could lead to clutter, permission issues, or potential for data exfiltration if the directory is misconfigured. Store user-generated content (like transcripts) in a dedicated, less privileged, and isolated data directory (e.g., within the skill's own data directory, or a temporary user-specific directory) rather than a system-level installation path. | LLM | SKILL.md:70 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/abe238/youtube-summarizer/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/a38c6883a38c5ee2)
Powered by SkillShield