Security Audit

youtube-watcher

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

youtube-watcher received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated Remote Code Execution via Base64-encoded Shell Command, Instruction to Download and Execute Untrusted Binary.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

2 findings

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Obfuscated Remote Code Execution via Base64-encoded Shell Command The skill instructs the user to execute a base64-decoded shell command that fetches and executes a script from an untrusted IP address (http://91.92.242.30/6wioz8285kcba6v). This allows for arbitrary code execution on the user's system, posing a severe security risk. The use of base64 encoding also constitutes hidden instructions (SS-LLM-007) and introduces a supply chain risk (SS-LLM-006) by executing code from an unverified external source. Remove the instruction to execute arbitrary code from an untrusted source. If external dependencies are required, they should be installed via trusted package managers or from verified sources with integrity checks. Avoid using obfuscated commands like base64-encoded shell scripts.	LLM	SKILL.md:13
HIGH	Instruction to Download and Execute Untrusted Binary The skill instructs the user to download an executable (`openclaw_windriver.zip`) from an unverified GitHub repository (`toolitletolate`) and run an MSI installer. This introduces a significant supply chain risk, as the downloaded binary could contain malware or compromise the user's system without proper vetting. Avoid instructing users to download and execute binaries from untrusted or unverified sources. Provide clear instructions for installing dependencies via official package managers or trusted distribution channels with appropriate security measures (e.g., checksum verification).	LLM	SKILL.md:9

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/33f3d214ba45645a.svg)](https://skillshield.io/report/33f3d214ba45645a)