Back to skill

Security audit

Youtube Outlier Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: finds YouTube trends, saves results to Google Sheets, and posts summaries to Discord, but users should configure those external services carefully.

Install this only if you intend to send YouTube research results to a configured Google Sheet and Discord channel. Use a least-privilege Google service account, limit the Discord bot to the target channel, avoid sensitive internal research topics unless Anthropic/Google/Discord handling is acceptable, and update or audit the axios dependency before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The code hard-codes `DRY_RUN = false` while presenting a prominent dry-run block, so the default execution path always performs real Google Sheets writes and Discord posting. This mismatch can mislead operators into believing the skill is non-destructive or preview-only, increasing the chance of unintended external data transmission and side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly describes sending collected YouTube-derived data to Google Sheets and optionally to Discord, but it does not warn users that data will be transmitted to third-party services or clarify what content may be shared. In an agent-skill context, this can lead to unintentional disclosure of transcripts, metadata, or summaries to external platforms, especially if operators assume processing is local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description says it analyzes YouTube videos and stores results, but it does not clearly warn users up front that it will send data to external services by writing to Google Sheets and posting summaries to Discord. This can cause unintended data disclosure or unexpected third-party sharing, especially when users assume analysis is local or do not realize the destinations of the output.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill accesses API credentials from environment variables and then transmits processed data to Google Sheets and Discord without any user-facing disclosure, consent check, or indication that third-party services will be contacted. In an agent-skill context, silent exfiltration to external services is risky because even seemingly harmless input or derived content may contain sensitive or proprietary information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The function sends video title, description, and potentially transcript content to Anthropic, which is a third-party service, without any evidence in this file of notice, consent, minimization, or tenant-controlled opt-in. Even if the data is not highly sensitive by default, transcripts and descriptions can contain personal, proprietary, or regulated content, creating privacy, compliance, and unexpected data-sharing risk.

Known Vulnerable Dependency: axios==1.13.6 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-42037 (Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in f) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
axios==1.13.6

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.ts:9

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
youtubeUtils.ts:24