Security audit

Youtube Channel Management

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent YouTube management integration, but it gives agents high-impact posting and deletion abilities without clear confirmation safeguards.

Install only if you intend to let AgentPMT manage a connected YouTube channel. Before use, require your agent to confirm exact resource IDs and intended privacy, publish, notification, and deletion settings with you, especially for public uploads, scheduled publishing, delete/remove actions, and remove_all playlist operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The schema exposes destructive operations such as deleting videos, playlists, captions, and channel sections, while the manifest description emphasizes management and upload capabilities without clearly calling out irreversible deletion features. This mismatch can cause an orchestrating agent or user to grant trust under incomplete assumptions, increasing the chance of unintended destructive use.

Description-Behavior Mismatch

Low
Confidence: 84%
Finding
The schema includes a caption download feature that writes caption content to File Manager, but this data-flow capability is not reflected in the manifest description. Even if captions are expected content, undocumented export-to-storage behavior expands the skill's effective data handling surface and may surprise users or calling agents.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill exposes destructive operations such as video, playlist, caption, and channel-section deletion without requiring or even recommending user confirmation, dry-run behavior, or explicit acknowledgment. In an agentic setting, this increases the chance of accidental irreversible content loss through prompt misunderstanding, tool misuse, or chained automation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill supports uploads, privacy changes, and publish timing but does not warn that these actions can expose content publicly or notify subscribers if configured. In autonomous or semi-autonomous workflows, missing user-facing warnings can cause unintended publication, reputational harm, or premature disclosure of private material.

Missing User Warnings

Medium
Confidence: 90%
Finding
Destructive actions are documented as ordinary operations without warnings, confirmation guidance, or indications of irreversibility. In an agentic environment, this lowers the barrier to accidental deletion of user content because the schema provides no built-in cues that these calls require extra care.

Missing User Warnings

Medium
Confidence: 88%
Finding
Playlist-removal actions can modify curated user content and potentially remove multiple matching items, yet the schema omits warnings about the consequences. Because playlist organization can represent meaningful user work, the lack of cautionary guidance increases the risk of accidental bulk modification or loss of channel organization.

VirusTotal

62/62 vendors flagged this skill as clean.