Back to skill

Security audit

YouTube Analytics

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent YouTube analytics helper that uses a disclosed YouTube API key and saves fetched public analytics data locally as documented.

Install this only in a workspace where saved YouTube queries, channel/video metadata, and generated summaries may remain on disk under results/. Use a restricted YouTube Data API key, avoid sharing the .env file or results directory, and delete saved results when you no longer need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill instructs users to place a YouTube API key in a local .env file and therefore clearly relies on environment-based secrets, but the metadata does not declare this capability or permission boundary. Undeclared secret access reduces transparency and can cause the agent runtime or reviewer to underestimate the skill's access to sensitive credentials.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The function saves fetched YouTube video data to local storage by default even though callers may reasonably expect a read-only analytics helper. Implicit persistence expands data handling without explicit user consent or clear necessity, creating retention and privacy risk if stored results contain user-queried targets, metadata, or are later exposed through logs, shared files, or other tooling.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The bulk and channel retrieval paths also persist collected data by default, increasing the amount of third-party content metadata retained and broadening the gap between stated analytics behavior and actual storage behavior. Because these functions can save many records at once, they amplify accidental data accumulation and raise exposure risk if the storage layer is insecure or operators are unaware of the retention.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The module persists API results to local JSON files with metadata, which expands the skill from transient analytics into local data retention. In an agent context, this can create unintended collection of user-derived data, surprise persistence, and possible later disclosure if other components can read the results directory.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The code reads previously saved local result files and exposes a local state layer not described in the manifest. This increases risk because prior analysis outputs may be accessible across runs or contexts, enabling unintended data reuse, leakage, or confusion about data provenance.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The skill states that all results are automatically saved as JSON and later summarized into markdown files, but this persistence behavior is not prominently disclosed up front as a side effect of normal use. Silent disk writes can expose analyzed data, search queries, and derived summaries to other local users, later processes, backups, or source-control accidents.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The API reference states that fetched YouTube data is saved by default but does not clearly warn users that calling these functions will write local JSON files. Hidden or insufficiently disclosed filesystem writes can create unintended data retention, privacy exposure, and operational side effects, especially when users expect read-only analytics behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The storage section describes JSON file writes and reads but lacks an explicit warning that using the toolkit modifies the local filesystem and retains potentially sensitive fetched content. In an agent/tooling context, undocumented persistence can violate least surprise, increase data leakage risk, and leave artifacts that may later be accessed by other tools or users.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.