Yt2bb

Security checks across malware telemetry and agentic risk

Overview

This media skill is coherent, but it needs Review because its default workflow can use logged-in Chrome YouTube cookies without clear opt-in controls.

Install only if you are comfortable with the agent using your logged-in Chrome YouTube session for downloads. Prefer public downloads without cookies, or use a separate low-privilege browser profile or scoped cookie file, and require confirmation before any cookie-backed download or playlist processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The README explicitly states that yt-dlp will automatically extract cookies from a logged-in Chrome browser. That extends the skill from simple video processing into access to browser session material, which can expose authenticated YouTube or Google account context without a strong warning, explicit consent flow, or scope limitation. In an agent/automation setting, this is more dangerous because users may not realize the skill can touch local browser credentials while performing a seemingly unrelated media task.

Context-Inappropriate Capability

Low
Confidence: 88%
Finding
The pre-flight `git fetch` introduces an unnecessary outbound network action before normal operation. While it does not auto-execute fetched code, contacting a remote repository can leak environment metadata and normalizes network activity unrelated to the immediate user task.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Using `yt-dlp --cookies-from-browser chrome` grants the skill access to the user's browser session cookies, which are highly sensitive authentication artifacts. Even if intended only for YouTube access, this capability significantly expands access to private or age-gated content and is dangerous in an agent context because browser-cookie access resembles credential harvesting behavior.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README explicitly states that yt-dlp extracts YouTube account cookies automatically from the Chrome browser, but it does not warn users that browser cookies can grant authenticated access and may expose account session material. In a security-sensitive agent skill, normalizing automatic cookie extraction without clear consent and handling guidance increases the risk of unintended credential misuse or privacy exposure.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation mentions automatic extraction of YouTube login cookies but does not present a clear privacy and security warning. This omission can mislead users into granting access to sensitive browser session data without understanding that authenticated cookies may be read and used by tooling, potentially exposing account access or related session information. Because this is packaged as a reusable skill, the missing warning increases the risk of silent over-collection in agent-driven workflows.

Vague Triggers

Medium
Confidence: 91%
Finding
The manifest enables implicit invocation but does not define narrow trigger conditions or examples, which increases the chance the skill is auto-selected in contexts the user did not intend. Because this skill can download external content and rely on browser-derived authentication state, accidental invocation could lead to privacy-sensitive actions or unexpected processing of user-linked resources.

Missing User Warnings

Medium
Confidence: 96%
Finding
The capability list advertises downloading via Chrome cookie authentication without any visible warning about accessing browser session data, authenticated content, or the privacy implications of using local login state. In this skill's context, that is more dangerous because the tool is specifically intended to fetch YouTube content and may access private, age-restricted, region-restricted, or account-scoped resources using the user's browser session.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
| Step | Tool | Command | Output |
|------|------|---------|--------|
| 0. Update | `git` | Auto-check for skill updates | — |
| 1. Download | `yt-dlp` | `yt-dlp --cookies-from-browser chrome -f ... -o ...` | `{slug}.mp4` |
| 2. Transcribe | `whisper`* | `srt_utils.py check-whisper` then transcribe | `{slug}_{lang}.srt` |
| 2.5 Validate | `srt_utils.py` | `srt_utils.py validate / fix` | `{slug}_{lang}.srt` (fixed) |
| 3. Translate | AI | SRT-aware batch translation | `{slug}_zh.srt` |
Confidence: 86%
Finding
cookies-from-browser chrome; cookies-from-browser chrome; cookies-from-browser chrome; cookies-from-browser chrome` requires Chrome; cookies-from-browser chrome; cookies**: Step 1 uses `yt-dlp --cooki

VirusTotal

57/57 vendors flagged this skill as clean.
