Security Audit

youtube-watcher

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

youtube-watcher received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized video ID, Unpinned dependency `yt-dlp`.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via unsanitized video ID The skill's usage example in SKILL.md shows a user-provided `VIDEO_ID` being passed as an argument to `get_transcript.py`. If the `get_transcript.py` script constructs a shell command (e.g., to call `yt-dlp`) by directly interpolating this `VIDEO_ID` without proper sanitization or using safe subprocess execution methods (e.g., `subprocess.run` with `shell=False` and a list of arguments), it could be vulnerable to command injection. An attacker could craft a malicious `VIDEO_ID` to execute arbitrary commands on the host system. The `get_transcript.py` script must sanitize or properly escape the `VIDEO_ID` before using it in any shell command. Prefer using `subprocess.run` with `shell=False` and passing arguments as a list, rather than constructing a single shell string.	LLM	SKILL.md:10
MEDIUM	Unpinned dependency `yt-dlp` The skill manifest specifies `yt-dlp` as a required dependency without a specific version. This means that the latest version available at installation time will be used. While `yt-dlp` is a legitimate and widely used tool, unpinned dependencies can introduce supply chain risks, such as unexpected breaking changes, new vulnerabilities in future versions, or even malicious code if the package repository is compromised. Pin the `yt-dlp` dependency to a specific, known-good version in the manifest (e.g., `"package": "yt-dlp==2023.11.16"`). Regularly review and update the pinned version to incorporate security fixes and new features.	LLM	Manifest (frontmatter JSON):1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/08e54b337d5ebf5e.svg)](https://skillshield.io/report/08e54b337d5ebf5e)