Search YouTube videos, channels, and playlists

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only AIsa YouTube search skill that needs an AIsa API key and sends searches to AIsa, with some extra cross-service examples users should notice.

Install only if you trust AIsa with your YouTube search queries and API-key-backed usage. Use a revocable or quota-limited AISA_API_KEY if available, avoid putting sensitive information in search or summary prompts, and treat the chat-completions and smart-search examples as extra AIsa services beyond the main YouTube search purpose.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill is advertised as a YouTube search skill, but its documentation also instructs use of unrelated AIsa LLM and web-search endpoints. This expands the effective capability surface of the skill, encouraging operators to send data and reuse the same API key across additional services that were not implied by the skill’s stated purpose.

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The document explicitly says other AIsa capabilities belong in aisa-core, then later provides direct examples invoking chat completions and smart web search anyway. This inconsistency can mislead users and reviewers about the true behavior and trust boundary of the skill, increasing the chance of unapproved data transmission and credential reuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal