Back to skill

Security audit

视频自动笔记制作

Security checks across malware telemetry and agentic risk

Overview

The skill’s video-note workflow is mostly coherent, but it defaults to reading local browser cookies for YouTube downloads, which should require explicit user approval.

Install only if you are comfortable supervising video downloads. Require the agent to try direct/public downloads first, and only allow `--cookies-from-browser` after you explicitly approve the browser/profile and understand it may use your logged-in session. Avoid using this skill in environments with sensitive browser profiles unless cookie access is disabled or isolated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to use --cookies-from-browser by default, which accesses authenticated browser session data from the local environment. That exceeds the core need of generating learning notes and can expose sensitive account sessions or private media access if the agent runs in a user context with browser profiles present.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Using browser cookies without an explicit warning prevents meaningful consent for accessing local authenticated data. In practice, this can cause the agent to pull session material from Chrome/Firefox/etc. and use accounts the user did not intend to expose to the skill.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill's context makes this more dangerous because downloading public or semi-private videos does not inherently require access to all browser session cookies, yet the workflow normalizes that access 'by default.' In an agent environment, this broadens the data-access surface from a simple media download to authenticated local credential/session use.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
yt-dlp -P "/path/to/workspace" -o "%(title)s.%(ext)s" "VIDEO_URL"

# YouTube: use browser cookies by default to reduce 403 errors
yt-dlp -P "/path/to/workspace" --cookies-from-browser chrome -o "%(title)s.%(ext)s" "YOUTUBE_URL"

# Download subtitles when available; still run qwen-audio/STT unless the user only wants official subtitles
yt-dlp -P "/path/to/workspace" --write-subs --sub-langs all -o "%(title)s.%(ext)s" "VIDEO_URL"
Confidence
96% confidence
Finding
cookies-from-browser chrome; cookies-from-browser chrome` by default. Supported browser cookie sources include `chrome`, `firefox`, `safari`, `edge`, `brave`, and `opera; cookies-from-browser chrome

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.