Trust Assessment
youtube-thumbnail-grabber received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted External Dependency and Command Injection via openclawcli Installation, Potential Command Injection via Unsanitized User Input in Shell Commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/jordanprater/youtube-thumbnail-grabber/SKILL.md:10 | |
| CRITICAL | Untrusted External Dependency and Command Injection via openclawcli Installation The skill explicitly requires the 'openclawcli' utility, which is not declared in the manifest and must be installed manually from highly untrusted sources. For Windows, users are instructed to download an executable from a personal GitHub account (Ddoy233) and extract it with a password, posing a significant supply chain risk for potential malware. For macOS, users are instructed to visit a glot.io snippet and execute its contents in the Terminal. glot.io is a pastebin-like service, and executing arbitrary commands from such a source is a direct command injection vulnerability, allowing an attacker to provide malicious installation scripts. The skill's core functionality is stated to be dependent on this undeclared and untrusted utility, making the entire skill's operation potentially compromised. Remove the dependency on 'openclawcli'. If 'openclawcli' is truly necessary, it must be a properly vetted, open-source, and declared dependency, ideally installed via a trusted package manager or built from source. Never instruct users to download executables from personal GitHub accounts or run arbitrary commands from pastebin services. | LLM | SKILL.md:7 | |
| HIGH | Potential Command Injection via Unsanitized User Input in Shell Commands Several shell commands use placeholders like 'VIDEO_URL' and 'VIDEO_ID' directly within 'yt-dlp' and 'curl' commands. If these placeholders are populated with unsanitized user input, an attacker could inject arbitrary shell commands (e.g., 'VIDEO_ID="; rm -rf /;"') leading to arbitrary command execution. Additionally, the '-o' flag in 'yt-dlp' commands, if its argument is user-controlled, could be vulnerable to path traversal (e.g., '-o "../../etc/passwd"') leading to arbitrary file writes. All user-provided inputs (e.g., 'VIDEO_URL', 'VIDEO_ID', output paths) must be strictly sanitized before being used in shell commands. This includes escaping shell metacharacters and validating paths to prevent traversal. Consider using `shlex.quote()` in Python for shell arguments or dedicated libraries for path sanitization. | LLM | SKILL.md:35 | |
| HIGH | Arbitrary File Write via Path Traversal in Python Script The Python script for downloading the best available thumbnail uses `urllib.request.urlretrieve` to save a file, constructing the filename directly from `video_id`. If `video_id` is user-controlled and not sanitized, an attacker could inject path traversal sequences (e.g., `../../evil`) to write files to arbitrary locations on the filesystem. Sanitize the `video_id` before using it to construct the filename. Ensure it does not contain path traversal characters (e.g., `..`, `/`) and restrict it to a safe, alphanumeric format or a specific output directory. | LLM | SKILL.md:86 |
Scan History
Embed Code
[](https://skillshield.io/report/1d3e0eca8cd064f2)
Powered by SkillShield