Back to skill

Security audit

Content Creator Skill

Security checks across malware telemetry and agentic risk

Overview

This skill coherently analyzes YouTube videos, stores followed creators locally, and can send update notifications when the user or host invokes that action.

Before installing, be comfortable with a local watchlist file that records followed YouTube creators and last-seen upload state. Use a restricted YouTube API key if configured, set the watchlist path intentionally on shared systems, and only enable notification actions for delivery targets you expect to message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill description presents a simple YouTube analysis/follow feature, but the documented broader behavior includes persistent local storage, notification delivery, feed scraping, and management operations not clearly disclosed up front. This weakens informed user consent and can cause users or hosts to approve a skill without understanding that it stores watchlists locally and may send automated notifications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The limitations/scope sections acknowledge local JSON watchlist persistence and runtime notification delivery, but the skill description does not prominently warn users that following creators stores data locally and may result in automatic notifications. This is dangerous because it undermines transparency around retained user preferences and autonomous outbound behavior, which can have privacy and consent implications in shared or sensitive environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.