Dlazy Download Trends Videos

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed dLazy CLI integration for downloading a YouTube video and returning a hosted file URL, with no hidden local payload or destructive behavior found.

Install only if you trust dLazy and @dlazy/cli with the video URL, task parameters, API key use, and hosted output. Review the CLI source if needed, prefer npx if you do not want a global install, rotate/revoke the dLazy key from the dashboard if exposed, and avoid processing private, regulated, or copyrighted content unless you have the right to do so.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill describes sending inputs to dLazy services and uploading local media to remote storage, but it does not give a prominent, explicit warning that running this command downloads a third-party video and stores it on remote object storage. That omission can cause users or higher-level agents to disclose copyrighted, private, or regulated content to an external service without informed consent, increasing legal and data-handling risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal