vsum

Security checks across malware telemetry and agentic risk

Overview

This video summarizer does what it claims, but its Bilibili path automatically reads Chrome browser cookies, so users should review that access before installing.

Install only if you are comfortable with Bilibili runs reading Chrome cookies through yt-dlp. Prefer using a dedicated browser profile or site-specific exported cookie file, avoid private videos or sensitive transcripts unless you trust the chosen AI provider, and verify yt-dlp comes from a trusted source.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: The skill's declared behavior does not fully disclose material actions and limitations, especially that Bilibili subtitle retrieval may access browser cookies and that transcript content is sent to third-party AI APIs. This kind of mismatch can mislead users into approving actions they would not otherwise consent to, creating privacy and trust risks even if the primary purpose is legitimate.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The script invokes `yt-dlp --cookies-from-browser chrome` for Bilibili, which causes extraction and use of the user's Chrome cookies. That is credential/session access beyond the stated purpose of summarizing video subtitles, and it is done automatically without clear necessity, consent flow, or scope limitation. In the context of a summarization skill, this makes the behavior more suspicious because subtitle retrieval should not silently touch browser session data unless explicitly justified and disclosed.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs use of `--cookies-from-browser chrome` for Bilibili access but does not present this as a sensitive action requiring explicit user awareness and consent. Reading browser cookies can expose authenticated session material, so normalizing it without a warning increases the chance of over-privileged or unintended data access.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill states that an AI API is used for summarization but does not clearly warn users that subtitle/transcript text from videos will be transmitted to external providers. That omission matters because transcript content may include copyrighted, private, or sensitive material, and users need enough information to make an informed disclosure decision.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script accesses Chrome browser cookies for Bilibili without an explicit warning, confirmation, or privacy notice to the user. Even if the goal is to access login-gated subtitles, silently reading browser credentials can expose sensitive session material and violates least surprise, which is especially risky in an agent skill users may run with broad trust.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal