Trust Assessment
yt-digest received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 5 critical, 0 high, 2 medium, and 1 low severity. Key findings include Arbitrary command execution, Missing required field: name, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution** (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/0xraini/yt-digest/src/cli.js:32 |
| CRITICAL | **Arbitrary command execution** (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/0xraini/yt-digest/src/cli.js:50 |
| CRITICAL | **Arbitrary command execution** (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/0xraini/yt-digest/src/cli.js:274 |
| CRITICAL | **Command Injection via unsanitized URL in execSync.** The skill uses `child_process.execSync` to execute `yt-dlp` commands, directly interpolating the user-provided `url` parameter into the shell command string. Although the URL is enclosed in double quotes, common shells (like bash) still perform command substitution (e.g., `$(command)` or `` `command` ``) within double-quoted strings. This allows a malicious user to inject arbitrary shell commands by crafting a specially formed URL, leading to arbitrary code execution on the host system. This could be used for data exfiltration, system modification, or further compromise. *Remediation:* avoid direct string interpolation of user-controlled input into `execSync` commands. Instead, use `child_process.spawn` or `child_process.execFile` with an array of arguments, which prevents shell interpretation of the arguments. If `execSync` is strictly necessary, implement robust sanitization or whitelisting of the `url` parameter to remove or escape all shell metacharacters before execution. | LLM | src/cli.js:30 |
| CRITICAL | **Command Injection via unsanitized URL in execSync (transcript fetch).** Similar to the previous finding, the `getTranscript` function also uses `child_process.execSync` to execute `yt-dlp` commands, directly interpolating the user-provided `url` parameter. This creates a second vector for command injection, allowing a malicious user to execute arbitrary shell commands on the host system by crafting a specially formed URL. This could lead to data exfiltration, system modification, or further compromise. *Remediation:* avoid direct string interpolation of user-controlled input into `execSync` commands. Instead, use `child_process.spawn` or `child_process.execFile` with an array of arguments, which prevents shell interpretation of the arguments. If `execSync` is strictly necessary, implement robust sanitization or whitelisting of the `url` parameter to remove or escape all shell metacharacters before execution. | LLM | src/cli.js:50 |
| MEDIUM | **Missing required field: name.** The `name` field is required for claude_code skills but is missing from the frontmatter. *Remediation:* add a `name` field to the SKILL.md frontmatter. | Static | skills/0xraini/yt-digest/SKILL.md:1 |
| MEDIUM | **Unpinned npm dependency version.** Dependency `youtube-transcript` is not pinned to an exact version (`^1.2.1`). *Remediation:* pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/0xraini/yt-digest/package.json |
| LOW | **Unpinned dependency in package.json.** The `package.json` file specifies the `youtube-transcript` dependency with a caret (`^`) version range (`^1.2.1`). This means that `npm` or `yarn` can install any compatible minor or patch version (e.g., `1.x.x`), which might introduce breaking changes or security vulnerabilities if a new version with issues is released. While `package-lock.json` pins the exact version, `package.json` defines the acceptable range for new installations. *Remediation:* pin dependencies to exact versions (e.g., `"youtube-transcript": "1.2.1"`) to ensure deterministic builds and prevent unexpected updates that could introduce vulnerabilities or break functionality. Regularly audit and manually update dependencies to benefit from security fixes. | LLM | package.json:15 |
Full report: https://skillshield.io/report/9b8f2329237c89fd