Trust Assessment
yt-dlp-downloader received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill requests 'all' permissions for shell execution, Potential command injection via unsanitized user input in shell commands, Access to sensitive browser cookies combined with excessive permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill requests 'all' permissions for shell execution The skill explicitly instructs the agent to execute shell commands with `required_permissions: ["all", "network"]`. The "all" permission grants the agent unrestricted access to the host system, which is far beyond the scope needed for a video downloader and poses a severe security risk. This allows the agent to perform any action, including reading/writing arbitrary files, executing arbitrary commands, and making network requests, without further restrictions. Restrict shell tool permissions to the absolute minimum necessary (e.g., `["filesystem:write", "network:outbound"]` if only downloading is needed, and specify target directories). Avoid using "all" permissions. | LLM | SKILL.md:106 | |
| CRITICAL | Potential command injection via unsanitized user input in shell commands The skill constructs shell commands by directly interpolating user-provided input (e.g., `VIDEO_URL`, `PLAYLIST_URL`, `FORMAT_ID`) without explicit sanitization or proper shell quoting. The 'Workflow' section explicitly instructs the agent to execute these commands using a shell tool. A malicious user could inject arbitrary shell commands by crafting a specially formed URL or other input, leading to remote code execution on the host system. Implement robust input sanitization and proper shell quoting (e.g., `shlex.quote()` in Python) for all user-provided variables before constructing and executing shell commands. Never directly concatenate untrusted input into a shell command. | LLM | SKILL.md:40 | |
| HIGH | Access to sensitive browser cookies combined with excessive permissions The skill explicitly recommends and demonstrates using the `--cookies-from-browser` option, which accesses sensitive user browser session cookies. When combined with the `required_permissions: ["all", "network"]` and the lack of input sanitization, a malicious `VIDEO_URL` could be crafted to exfiltrate these cookies or other sensitive local data accessible via the "all" permission, leading to credential harvesting or data exfiltration. Reconsider the necessity of `--cookies-from-browser` if not strictly required. If necessary, ensure strict input sanitization for all command arguments and minimize permissions. Consider using a dedicated, isolated browser profile for cookie access if possible, or a more secure method for authentication that does not expose all browser cookies. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/c7e7444f78a75ad9)
Powered by SkillShield