You2idea Extract

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the advertised YouTube idea extraction, but users should expect tool installation, transcript downloads, local file writes, and optional pipeline publishing if they use the reference workflow.

Install only if you are comfortable letting the skill run shell commands, install Python/CLI dependencies, contact YouTube or related services, and create or update local transcript and markdown files. Review any batch-download or public upload steps separately, and confirm output paths before allowing writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 82%
Finding
The skill instructs the agent/user to install external packages and CLI tools at runtime, which expands the trust boundary to arbitrary third-party code and network retrieval. In an agent setting, package installation is risky because it can introduce supply-chain exposure, unexpected side effects, and environment modification beyond the user's original request.

Missing User Warnings

Severity: Low
Confidence: 79%
Finding
The skill directs writing results to docs/youtube-ideas.md without explicit notice or confirmation, causing silent workspace modification. While low severity, unattended file writes can overwrite user content or create unexpected artifacts in repositories and automated environments.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The standalone workflow downloads subtitles and creates transcript files locally without warning, which changes the filesystem as a side effect of analysis. In agent workflows, hidden file creation is unsafe because users may expect read-only analysis and may not realize external content is being persisted.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding
The channel-analysis path performs batch transcript downloads and creates multiple local files, increasing side effects and resource consumption without explicit consent. Batch operations amplify the risk of clutter, disk use, accidental overwrites, and unanticipated network activity.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding
The final output instructions again prescribe writing analysis to a local markdown file without warning about workspace modification or overwrite behavior. This is a real but low-severity safety issue because it encourages persistent changes when the user may only want a transient summary.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The pipeline explicitly downloads raw VTT subtitle files and uploads them to a public R2/CDN location, creating a broad redistribution surface for transcript data. Even if the source content is publicly accessible on YouTube, bulk collection, retention, and republishing can introduce privacy, licensing, and data exposure risks, especially when users are not warned that transcript content will be stored and published outside the original platform context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal