YouTube Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill’s YouTube features are coherent, but unsafe handling of user and video text can let crafted input run local Python code.

Install only if you accept Review-level risk or are testing it in a controlled environment. Avoid running it on untrusted links or videos until the script is fixed to pass user/video text as data rather than executable Python source, and use AI commands only when you are comfortable sending transcript content and metadata to EvoLink.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation instructs users to run shell commands, use environment variables, and create temporary files, but the manifest does not declare corresponding permissions. This creates a transparency and governance gap: users or hosting platforms may not realize the skill requires shell, env, file read, and file write capabilities, which can weaken sandboxing decisions and informed consent even if the described behavior appears legitimate.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README advertises AI summarization and Q&A backed by the EvoLink API, but does not clearly disclose that user-supplied video URLs, transcripts, prompts, or derived content may be sent to a third-party service. This creates a real transparency and privacy risk because users may unknowingly transmit sensitive research topics, private/unlisted video references, or prompt content off-platform.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README advertises AI summarization and question-answering via the external EvoLink API but does not clearly warn users that video transcripts or derived content may be transmitted to a third-party service. This creates a real transparency and privacy risk because users may submit sensitive or proprietary video content under the assumption processing is local.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises AI features backed by the EvoLink API, which implies transcript, metadata, and possibly user questions are transmitted to a third-party service, but it does not clearly warn users about this external data sharing. In a skill that processes arbitrary YouTube content and user prompts, lack of disclosure can cause users to unintentionally send sensitive or proprietary material off-platform.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises AI summarization and Q&A features backed by the EvoLink API, which implies video transcripts, prompts, and possibly other user-supplied content will be transmitted to a third-party service. Because the documentation does not clearly disclose this data flow, users may unknowingly send sensitive or proprietary content off-box, creating privacy, compliance, and data-handling risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to configure an external EvoLink API key and advertises AI-powered summary features, but it does not clearly disclose that video transcripts, metadata, prompts, or derived content may be sent to a third-party service. This creates a transparency and privacy risk because users may unknowingly process sensitive URLs or content through an external provider.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The README advertises transcript retrieval, metadata lookup, channel listing, search, and AI summarization features, but it does not clearly disclose that user-provided URLs, queries, or extracted transcript content may be sent to third-party components such as yt-dlp and the EvoLink API. This is a real transparency and privacy issue because users may unknowingly provide sensitive links or content to external services, especially for the AI commands that explicitly depend on a remote API.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill advertises very broad trigger phrases such as 'summarize this video' and 'what are the key points in this video?', which are common everyday requests that may appear in contexts where the user did not specifically intend to invoke this skill. Because the skill can fetch external content and optionally transmit transcript data to a third-party API, unintended invocation could cause unnecessary network access, processing of user-supplied URLs, or accidental data sharing when the user expected a different tool or a local-only response.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The AI commands send collected video transcript text and metadata to the third-party EvoLink API, but the script does not present a clear runtime warning or require explicit user confirmation before transmitting that content. Even if the content is 'just' YouTube data, transcripts, prompts, and user questions may contain sensitive or proprietary material in some workflows, creating a privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The AI features send user-provided video metadata and transcript text to the external EvoLink API, but the commands only say things like 'Generating AI summary...' and do not clearly disclose that content is leaving the local machine. This creates a real privacy and data-handling risk, especially if transcripts contain sensitive or proprietary material, even though the feature appears intentionally designed rather than malicious.

External Transmission

Medium
Category
Data Exfiltration
Content

  local response
  response=$(curl -s -X POST "$EVOLINK_API" \
    -H "Authorization: Bearer $api_key" \
    -H "Content-Type: application/json" \
    -d "@$tmpfile")
Confidence
92% confidence
Finding
curl -s -X POST "$EVOLINK_API" \ -H "Authorization: Bearer $api_key" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content

  local response
  response=$(curl -s -X POST "$EVOLINK_API" \
    -H "Authorization: Bearer $api_key" \
    -H "Content-Type: application/json" \
    -d "@$tmpfile")
Confidence
88% confidence
Finding
curl -s -X POST "$EVOLINK_API" \ -H "Authorization: Bearer $api_key" \ -H "Content-Type: application/json" \ -d

VirusTotal

67/67 vendors flagged this skill as clean.
