Youtube Search and Tracking API

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward YouTube search helper that uses a declared AISA API key to call AIsa's external API, with no evidence of hidden execution, persistence, or destructive behavior.

Install only if you are comfortable using AIsa as the external YouTube search provider. Use a dedicated AISA_API_KEY where possible, monitor usage and costs, and avoid submitting secrets, personal data, customer names, or confidential research terms unless your policy allows sharing them with that API provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to send authenticated requests with a bearer token to a third-party API but does not disclose the privacy and data-sharing implications. User queries, region/language parameters, and request metadata may contain sensitive business research or personal interests and will be transmitted off-platform without an explicit warning.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal