Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/cli.js:32
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a YouTube digest helper that uses yt-dlp for video metadata or transcripts, with a command-execution hardening concern but no evidence of hidden data theft or persistence.
Install only if you expect the skill to run yt-dlp locally on video URLs you provide. Prefer reviewed versions that call yt-dlp without a shell, keep yt-dlp updated, and avoid passing untrusted or strangely crafted URLs.
66/66 vendors flagged this skill as clean.
Detected: suspicious.dangerous_exec