Back to skill

Security audit

Yt Dlp Downloader

Security checks across malware telemetry and agentic risk

Overview

This is a clear video downloader, but it needs review because it tells agents to use browser login cookies and broad shell/network permissions without clear consent controls.

Install only if you are comfortable with an agent running yt-dlp shell commands and creating downloaded files locally. Do not allow browser-cookie use unless you explicitly want the agent to use your logged-in browser session; prefer trying downloads without cookies first, or use a dedicated browser profile or exported cookie file with limited scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill directs the agent to extract cookies from a local browser to complete routine YouTube downloads. Browser cookies are privacy- and security-sensitive authenticated session data, and accessing them exceeds the minimum needed for a downloader unless the user is clearly informed and explicitly consents. In an agent context, this materially increases the risk of unauthorized access to account-linked content and exposure of session secrets.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The workflow instructs use of Shell with `required_permissions: ["all", "network"]`, which is overly broad for a downloader. A skill that can run arbitrary shell commands with full permissions and network access has far more capability than necessary and increases the blast radius if the command construction is influenced by user input or the skill is triggered unexpectedly.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger list is broad and includes common terms like `YouTube`, `download video`, and `extract audio`, which may cause the skill to activate in contexts where the user did not intend this specific downloader workflow. In combination with shell execution and cookie access guidance, accidental invocation becomes more dangerous than a normal routing issue.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill recommends browser-cookie extraction without a user-facing warning that this accesses sensitive local browser data and authenticated sessions. Users may not understand that this goes beyond downloading a public video and could expose account-linked access or private content.

Missing User Warnings

High
Confidence
94% confidence
Finding
The workflow tells the agent to execute networked shell commands with broad permissions but does not require a safety notice or confirmation. In an agent environment, executing external commands against attacker-controlled URLs without a warning increases the risk of unintended downloads, filesystem changes, and misuse of excessive privileges.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.