Youtube Transcriber Skill

Security checks across malware telemetry and agentic risk

Overview

This YouTube transcription skill does what it says, but a crafted video link could make its launcher run unintended commands on the user’s computer.

Review before installing, especially if the skill may receive links from untrusted sources. The core Python transcriber is purpose-aligned, but the JavaScript launcher should be fixed to invoke Python with an argument array (no shell involved) and to parse YouTube URLs more strictly before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill builds a shell command with untrusted user-controlled values (`url` and `lang`) and executes it via `execSync`, which invokes a shell. Although `lang` is allowlisted, `url` is only loosely filtered by substring matching and can contain shell metacharacters, enabling command injection and arbitrary command execution on the host running the skill.

VirusTotal

65/65 vendors flagged this skill as clean.