Back to skill

Security audit

Youtube Downloader Skimmer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed YouTube download-and-clipping skill with expected local media processing, but users should notice the raw-download deletion default and the advertised messaging-platform delivery behavior.

Install only if you are comfortable with yt-dlp and ffmpeg processing YouTube URLs and writing media files locally. Use a dedicated output directory, assume the raw downloaded video may be deleted after clipping, and treat QQ/Telegram delivery claims cautiously because the reviewed code does not actually implement those sends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises shell-capable behavior such as invoking yt-dlp and ffmpeg, but it does not declare any permissions or execution constraints. This creates a transparency and review gap: users and the platform cannot clearly assess that the skill may run local commands and process attacker-controlled input such as URLs, chapter names, and output paths.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README advertises sending downloaded media to QQ/Telegram but does not warn users that media will be transmitted to third-party services, potentially exposing copyrighted or sensitive content outside the local system. In a downloader skill, outbound sharing materially changes the privacy and compliance risk profile, so the missing disclosure is a real security/privacy issue even if it appears optional.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README describes optional deletion of original files without any caution about destructive behavior or data recovery implications. Even if user-controlled, deletion of the raw download can cause unintended data loss, especially when users may assume clipping is non-destructive or may not realize the original is needed for later verification or reprocessing.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow includes sending downloaded clips to external platforms like QQ or Telegram, but the description does not prominently warn users that video content may be transmitted off-device. This is dangerous because users may assume the skill only downloads and clips locally, leading to unintended disclosure of potentially sensitive or copyrighted media to third-party services.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill defaults to deleting the raw downloaded video while not providing a prominent warning about that destructive behavior. This can cause irreversible data loss, especially if clipping fails, chapters are parsed incorrectly, or the user expected to retain the full original download for verification or reprocessing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Raw video deletion is enabled by default in configuration, creating destructive behavior without explicit user consent or prominent warning. In a media-processing skill, users may reasonably expect the original download to remain available, so silent cleanup can cause data loss and hinder forensic review or recovery after errors.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The CLI flag is configured with action='store_true' and default=True, which effectively makes deletion always enabled and prevents meaningful user choice. This is dangerous because the tool automatically removes downloaded source material after processing, increasing the chance of accidental irreversible data loss.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.