ClawHub

Youtube Script

Security checks across malware telemetry and agentic risk

Overview

This is a local YouTube workflow helper that saves entered text on disk; that persistence is documented, and no network, credential, or destructive behavior was found.

Install only if you are comfortable with YouTube drafts, hooks, titles, schedules, and related notes being saved locally and later searchable/exportable. Avoid entering secrets or highly confidential material, and remove ~/.local/share/youtube-script manually if you want to purge retained history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill is presented primarily as a YouTube scripting aid, but the file also describes persistent logging of all user inputs, searchable history, exports, and status reporting. This creates a real transparency and consent problem because users may provide drafts, unpublished campaign ideas, sponsor details, or other sensitive content without realizing it will be retained and easy to retrieve or export.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill claims to draft, edit, optimize, and otherwise generate YouTube content, but the implementation only stores raw user input in local log files and later exposes it via status/export/search features. This mismatch is security-relevant because users may provide sensitive or unpublished content under the assumption they are invoking a content-generation tool, while the actual behavior is silent persistence and retention of that data.

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
The export, search, recent, and status commands introduce a local data-management surface that is broader than the stated YouTube writing function and makes previously entered content easier to enumerate and extract. In context, this increases the risk of privacy leakage of drafts, prompts, or other sensitive text without a clear user expectation that such archival functionality exists.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The help text markets the script as a functional content toolkit, but the named operations do not perform drafting or optimization and instead append user input to persistent logs. That deceptive behavior makes the tool more dangerous because it can induce users to submit proprietary scripts, campaign plans, or credentials embedded in text while receiving none of the promised processing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document states that operations are logged with timestamps, but it does not clearly warn that user-provided content and activity history are stored locally across multiple log files and can later be exported. This is dangerous because users may enter confidential drafts or business information under the assumption of ephemeral processing, leading to unintended disclosure on shared systems or through later exports.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The command handlers persist user-provided text to files under ~/.local/share/youtube-script without warning, and this pattern repeats across many commands. Silent storage of free-form content is risky because users may paste confidential drafts, unreleased marketing plans, API keys, or personal data, all of which then remain on disk and are retrievable through other commands.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal