Back to skill

Security audit

download-video

Security checks across malware telemetry and agentic risk

Overview

This video-downloader skill appears purpose-related, but it can use browser login cookies for authenticated downloads without sufficiently clear scoping or consent.

Review before installing. Use it only for content you are authorized to download, and do not allow browser-cookie options such as Chrome/Firefox/Safari/Edge unless you explicitly want the agent to use your logged-in browser session for that specific download.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to execute shell commands and install software, but it declares no permissions. This creates a trust and governance gap: an agent may perform command execution and package installation without explicit authorization or sandboxing expectations, increasing the chance of unsafe execution paths.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The stated purpose is video downloading, but the documented behavior also includes browser-cookie use for authenticated access, subtitle retrieval, and format enumeration. The cookie-access behavior is materially more sensitive than the description suggests because it may access local browser session data and authenticated content without clear disclosure.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The `--cookies-from-browser` option allows the skill to access browser authentication cookies from Chrome, Firefox, Safari, or Edge and pass them to `yt-dlp`. That materially expands the capability from simple public video downloading into access to authenticated sessions and private content, which is sensitive in an agent context because a user may not realize browser secrets are being accessed.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger conditions are very broad, including nearly any supported video URL and common phrases about saving media. Overbroad activation increases the chance the skill runs in contexts the user did not intend, leading to unnecessary shell execution, network access, or downloads of sensitive/authenticated content.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation recommends `--cookies chrome` without warning that this may read browser session cookies and use them to access authenticated content. In an agent setting, that can expose private account data or enable downloads under the user's logged-in identity without sufficiently informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The troubleshooting section suggests using browser cookies to bypass sign-in or quality restrictions, normalizing access to protected content via existing browser sessions. Without a user-facing privacy warning and explicit authorization, this can lead to unintended use of sensitive session data and access beyond what the user expected the skill to do.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
python3 scripts/download.py "URL" -F                  # List formats
python3 scripts/download.py "URL" --subs              # With subtitles
python3 scripts/download.py "URL" -o ~/Desktop        # Custom output dir
python3 scripts/download.py "URL" --cookies chrome    # Use browser cookies
```

### Direct yt-dlp commands
Confidence
72% confidence
Finding
cookies chrome; cookies chrome; cookies chrome

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.