ClawHub

Youtube Summary

Security checks across malware telemetry and agentic risk

Overview

This skill transparently fetches YouTube transcripts through TranscriptAPI and summarizes them, with normal dependency and privacy considerations but no evidence of hidden or harmful behavior.

Install only if you are comfortable using TranscriptAPI for transcript retrieval. Use a dedicated API key, expect video identifiers and transcript requests to leave your environment, keep requests and yt-dlp updated or pinned, and treat transcript text and custom summary instructions as untrusted summarization input rather than agent instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no explicit permissions, yet its documented workflow clearly uses environment variables, shell execution, and outbound network access to a third-party transcript service. This creates a transparency and policy-enforcement gap: users or platforms may not realize the skill can access secrets and transmit video identifiers/transcript data externally.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The README states the skill 'kicks in automatically' when a YouTube link is dropped in chat, but it does not clearly document the trigger boundaries or safeguards. Broad auto-activation can cause the agent to process unintended URLs or user messages, leading to unexpected third-party requests and transcript summarization without sufficiently explicit user consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explains that transcripts are extracted via TranscriptAPI.com, but it does not clearly warn users that video URLs and transcript-derived content are sent to a third-party service for processing. This creates a privacy and data-handling risk because users may assume summarization is local and unknowingly disclose viewing interests or sensitive transcript content to an external provider.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The high-level skill description says it summarizes YouTube videos, but it does not clearly warn that video data and transcript content are sent to TranscriptAPI.com, a third-party service. Users may reasonably assume processing is local, so this is a privacy/transparency issue that can lead to unintended external disclosure of watched content or transcript text.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
yt-dlp
Confidence
93% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
yt-dlp
Confidence
95% confidence
Finding
yt-dlp

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

Known Vulnerable Dependency: yt-dlp — 7 advisory(ies): CVE-2023-46121 (yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection); GHSA-3v33-3wmw-3785 (yt-dlp has dependency on potentially malicious third-party code in Douyu extract); CVE-2023-40581 ( yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`) +4 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
yt-dlp

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal