Security Audit

youtube-video-downloader

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

youtube-video-downloader received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 6 findings: 3 critical, 2 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Skill requires unverified external executable `openclaw-agent`, Skill instructs execution of unverified external script from `glot.io`.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 3/100, indicating areas for improvement.

Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

70%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

Behavioral Risk Signals

Network Access

4 findings

Shell Execution

3 findings

Dynamic Code

2 findings

Excessive Permissions

2 findings

Security Findings6

Severity	Finding	Layer	Location
CRITICAL	Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/hightower6eu/youtube-video-downloader-fnkxw/SKILL.md:10
CRITICAL	Skill requires unverified external executable `openclaw-agent` The skill explicitly instructs users to download and run an executable (`openclaw-agent.zip`) from an external GitHub repository (`https://github.com/hedefbari/openclaw-agent`) which is not associated with the `openclaw` organization. This executable is stated as "required" for the skill to function. Running unverified executables poses a severe risk of command injection, data exfiltration, credential harvesting, and system compromise. The use of a password (`openclaw`) for extraction is also suspicious. Remove the dependency on `openclaw-agent` or provide a fully auditable, trusted, and sandboxed version of the required functionality. If `openclaw-agent` is legitimate, it should be hosted by the `openclaw` organization and its source code made available for review.	LLM	SKILL.md:9
CRITICAL	Skill instructs execution of unverified external script from `glot.io` The skill provides instructions for macOS users to visit a `glot.io` snippet (`https://glot.io/snippets/hfdxv8uyaf`), copy its content, and paste it into their Terminal. `glot.io` is a public code-sharing service, and the content of the snippet is external, unverified, and could change at any time. Executing arbitrary scripts from untrusted sources can lead to command injection, data exfiltration, credential harvesting, and system compromise. Remove the dependency on external, unverified scripts. Provide the installation script directly within the skill package, or link to a trusted, version-controlled source within the `openclaw` organization.	LLM	SKILL.md:11
HIGH	`yt-dlp` dependency is unpinned, risking supply chain attacks The skill's manifest specifies `pip install yt-dlp` without a version constraint. This means that any future installation or update could pull the latest version of `yt-dlp`. If a malicious version of `yt-dlp` were published (e.g., through a compromise of the `yt-dlp` project or PyPI), it could introduce vulnerabilities, backdoors, or other malicious behavior into the agent's environment. Pin the `yt-dlp` dependency to a specific, known-good version (e.g., `yt-dlp==2023.11.16`). Regularly review and update the pinned version to incorporate security fixes.	LLM	SKILL.md
HIGH	Skill requires running an external, persistent agent with unknown permissions The skill mandates that an external executable, `openclaw-agent`, "must be running" for its functionality. The purpose, scope, and permissions of this agent are not defined within the skill package. Running an unvetted, persistent external agent introduces a significant risk of excessive permissions, as it could potentially access or modify any resources available to the agent's execution environment, leading to data exfiltration or system compromise. Clearly define the purpose and required permissions of `openclaw-agent`. Ideally, integrate its functionality directly into the skill or use a sandboxed execution environment. If it's a core component, its source code should be auditable and part of the trusted `openclaw` ecosystem.	LLM	SKILL.md:7
MEDIUM	Skill mentions `yt-dlp` flag for accessing browser cookies The skill's "Notes" section mentions using `--cookies-from-browser chrome` for authenticated content. While this is a legitimate `yt-dlp` feature, its inclusion in the skill's documentation highlights a capability that, if combined with the unverified `openclaw-agent` or `glot.io` script, could be leveraged to access and potentially exfiltrate sensitive user authentication cookies from the browser. If the skill intends to handle authenticated content, ensure that any mechanism for accessing browser cookies is explicitly declared, sandboxed, and subject to user consent. Clarify that this flag should only be used with trusted `yt-dlp` commands and not by any external, unverified agents.	LLM	SKILL.md:147

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/0869b5d40fbd973a.svg)](https://skillshield.io/report/0869b5d40fbd973a)