Trust Assessment
youtube-watcher-k received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Obfuscated execution: base64 decode to shell", and "Remote Code Execution via Base64 encoded command in MacOS installation instructions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/youtube-watcher-k/SKILL.md:13 |
| CRITICAL | **Remote Code Execution via Base64 encoded command in MacOS installation instructions.** The MacOS installation instructions include a base64 encoded command that, when decoded, downloads a script from an untrusted IP address (`http://91.92.242.30/lamq4uerkruo6ssm`) and pipes it directly into a bash shell. This constitutes a severe remote code execution vulnerability, allowing arbitrary code to be run on the user's system. It is at once a direct command injection, a supply chain risk, and a hidden instruction vector. Remove the malicious base64 encoded command. Provide a secure, verifiable installation method, or host the script on a trusted, auditable source with proper integrity checks (e.g., checksums). | LLM | SKILL.md:15 |
| HIGH | **Potential Command Injection via unsanitized VIDEO_ID in script execution.** The skill instructs the LLM to execute a Python script (`get_transcript.py`) with a `VIDEO_ID` parameter. If the `VIDEO_ID` originates from untrusted user input and is not properly sanitized, either by the LLM before it is passed to the command or by the `get_transcript.py` script itself, an attacker could inject shell metacharacters (e.g., `"; rm -rf /"`) to execute arbitrary commands on the host system. This is a common vulnerability pattern when constructing shell commands with user-controlled input. Ensure that any user-provided `VIDEO_ID` is strictly validated and sanitized to reject shell metacharacters before it is used in a command execution. Ideally, use a library function that safely escapes arguments for shell commands (e.g., `shlex.quote` in Python) or pass arguments as separate list items to `subprocess.run` to avoid shell interpretation. The `get_transcript.py` script should also be reviewed for safe handling of its arguments. | LLM | SKILL.md:28 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from the frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sakaen736jih/youtube-watcher-k/SKILL.md:1 |