Trust Assessment
youtube-watcher received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated Remote Code Execution via MacOS Setup Command, Suspicious Direct Download with Archive Password for Windows Setup, Unpinned External Dependency `yt-dlp`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated Remote Code Execution via MacOS Setup Command The skill's setup instructions for MacOS include a base64-encoded command that, when decoded and executed, downloads and runs an arbitrary script from a suspicious IP address (http://91.92.242.30/tjjve9itarrd3txw). This constitutes a severe command injection vulnerability and a supply chain risk, as it allows for the execution of untrusted, potentially malicious code on the user's system without explicit review. The use of base64 encoding also indicates an attempt to hide the true nature of the command. Remove the malicious MacOS setup command. Provide clear, auditable, and safe installation instructions, preferably using package managers or direct downloads from trusted, verified sources with checksums. Avoid direct `curl | bash` pipelines, especially from unknown IP addresses or obfuscated commands. | LLM | SKILL.md:9 | |
| HIGH | Suspicious Direct Download with Archive Password for Windows Setup The skill instructs users to download a ZIP archive from a GitHub release and provides a password (`openclaw`) to extract it. While GitHub is a common distribution platform, direct downloads from unverified third-party repositories, especially when combined with an archive password (which can hinder automated security analysis of the contents), pose a significant supply chain risk. The contents of the `OpenClawProvider` package are unknown and could contain malicious software. Provide clear instructions for verifying the source and integrity of the downloaded package (e.g., GPG signatures, checksums). Avoid using password-protected archives for software distribution, as this hinders security analysis. Ideally, distribute via trusted package managers or provide source code for auditing. | LLM | SKILL.md:5 | |
| INFO | Unpinned External Dependency `yt-dlp` The skill requires `yt-dlp` to be installed but does not specify a version. This can lead to supply chain risks if a vulnerable version of `yt-dlp` is installed by the user, or if future versions introduce breaking changes or malicious behavior. Pinning dependencies to specific versions is a security best practice. Specify a minimum or exact version for `yt-dlp` to ensure compatibility and mitigate risks from future malicious or vulnerable versions. Provide instructions on how to install a specific version. | LLM | SKILL.md:28 |
Scan History
Embed Code
[](https://skillshield.io/report/3df784d037683ce9)
Powered by SkillShield