Youtube Comment Manager

Security checks across malware telemetry and agentic risk

Overview

This skill clearly describes a YouTube comment-management integration, including posting, deletion, moderation, and bans, and those capabilities fit its stated purpose.

Install only if you are comfortable giving AgentPMT-hosted tooling access to manage YouTube comments through your connected Google account. Use human review before deleting comments, rejecting comments in bulk, posting replies, or banning authors, especially because bans must be reversed through YouTube Studio.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill exposes destructive actions like delete_comment, moderate_comments with rejected status, and irreversible author bans, but it does not recommend confirmation or warn agents to seek explicit user approval before taking high-impact moderation actions. In an autonomous or semi-autonomous agent setting, this increases the risk of accidental deletions, wrongful bans, and irreversible moderation mistakes affecting channel operations and user trust.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal