Trust Assessment
yt-thumbnail-grabber received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include Command Injection via unsanitized user input in shell argument, Path Traversal via unsanitized user input in Python output filename, Path Traversal via unsanitized user input in `curl` output filename.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via unsanitized user input in shell argument The skill executes a Python script via `python3 -c "..." "VIDEO_ID"`. If the `VIDEO_ID` variable, which is user-controlled, contains shell metacharacters (e.g., `;`, `&`, `|`, `$(...)`), it could lead to arbitrary command execution on the host system by breaking out of the quoted argument to `python3 -c`. Ensure that `VIDEO_ID` is strictly validated to contain only alphanumeric characters and hyphens, or properly escaped for shell execution before being passed as an argument. A safer approach would be to pass the `VIDEO_ID` via environment variables or stdin to the Python script, or to use a dedicated Python function that takes the ID as a parameter, avoiding shell interpolation entirely. | LLM | SKILL.md:141 | |
| HIGH | Path Traversal via unsanitized user input in Python output filename The Python script in the 'Download Best Available Thumbnail' section uses `f'{video_id}.jpg'` as the output filename for `urllib.request.urlretrieve`. If `video_id` (which is user-controlled) contains path traversal sequences like `../` or absolute paths like `/tmp/`, an attacker could write files to arbitrary locations on the file system. Sanitize the `video_id` variable to remove any path separators (`/`, `\`) or path traversal sequences (`../`). Alternatively, ensure that the output directory is fixed and `video_id` is only used as a basename, or use a library function that safely handles filenames. | LLM | SKILL.md:136 | |
| HIGH | Path Traversal via unsanitized user input in `curl` output filename The `curl` command in the 'Download All Resolutions' section uses `"${VIDEO_ID}_${res}.jpg"` as the output filename. If `VIDEO_ID` (which is user-controlled) contains path traversal sequences like `../` or absolute paths like `/tmp/`, an attacker could write files to arbitrary locations on the file system. Sanitize the `VIDEO_ID` variable to remove any path separators (`/`, `\`) or path traversal sequences (`../`) before using it in the output filename. Ensure that the output directory is fixed and `VIDEO_ID` is only used as a basename. | LLM | SKILL.md:83 | |
| MEDIUM | Potential Command Injection via unsanitized user input to external commands Multiple `yt-dlp` and `curl` commands in the skill take `VIDEO_URL` as an argument. While the provided examples show double-quoting, if the LLM does not consistently apply robust sanitization or quoting to user-provided `VIDEO_URL` before executing these commands, an attacker could inject shell metacharacters (e.g., `"; rm -rf / #`) to execute arbitrary commands. This applies to direct `yt-dlp` calls and the `curl` command that uses `$(yt-dlp --get-thumbnail 'VIDEO_URL')`. Implement strict input validation for `VIDEO_URL` to ensure it conforms to a valid URL format. When constructing shell commands, always use robust escaping mechanisms (e.g., `shlex.quote` in Python) for user-provided arguments to prevent shell injection. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/c93c9fd8b740a3c1)
Powered by SkillShield