Back to skill

Security audit

youtube-video-api-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward BrowserAct integration for extracting YouTube channel video data, with disclosed API-key use and no hidden persistence or destructive behavior.

Install only if you are comfortable using BrowserAct for YouTube data extraction. Prefer setting BROWSERACT_API_KEY through a secure environment or secret manager instead of pasting it into chat, use a dedicated/revocable key, and assume the target channel URL and workflow parameters are sent to BrowserAct.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill requires access to an environment secret (`BROWSERACT_API_KEY`) and makes outbound requests to BrowserAct, but it does not explicitly declare corresponding permissions. That creates a transparency and policy-enforcement gap: an agent or platform may allow execution without users clearly understanding that secrets and network access are involved, increasing the risk of unintended external data disclosure or misuse of credentials.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The proactive invocation text is broad enough to trigger on many generic research, monitoring, and analytics requests, which can cause the agent to call an external API more often than users reasonably expect. In context, that increases the chance of sending channel targets and analysis intent to a third party without sufficiently clear user confirmation, especially for competitor tracking or monitoring workflows.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill does not clearly warn users that supplied YouTube channel URLs and related request parameters will be sent to BrowserAct, an external service. This is a real disclosure issue because users may assume the agent is operating locally; lack of notice undermines informed consent and can expose sensitive research targets, business monitoring interests, or usage patterns to a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script explicitly tells the user to 'Provide it to me or set it as an environment variable,' which encourages direct disclosure of a sensitive API credential to an agent or intermediary instead of using a safer secret-handling path. In an agent skill context, this is dangerous because users may paste live credentials into chat, logs, task transcripts, or other systems that are not designed for secret storage, increasing risk of credential leakage and downstream account abuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.