Back to skill

Security audit

summarizer

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it needs Review because it can install unpinned third-party code, send full transcripts to external services, and store full transcripts without clear consent or retention controls.

Install only if you are comfortable with full YouTube transcripts being sent to SkillBoss for summarization, saved on the host, and sent as files in Telegram contexts. Review or pin the third-party transcript server before installing, and prefer running this in a contained environment with an explicit policy for deleting saved transcript files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to persist full transcripts to disk and send them to Telegram, but it does not require explicit user consent, disclose retention, or limit what gets shared. Even if YouTube content is public, transcripts can still contain sensitive material, and forwarding or storing them creates unnecessary privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends full transcript text and metadata to a third-party API for summarization without warning the user or obtaining consent. This is an external disclosure of user-requested content and may violate privacy expectations, organizational policy, or data-handling requirements if the transcript contains sensitive information.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The sample output explicitly states that transcripts are saved locally and, on some platforms, not sent back to the user, which creates persistent storage of potentially sensitive content. While this appears to be ordinary product behavior rather than malicious intent, retaining transcripts on disk without a clear retention policy, consent flow, or stronger warning can expose user data to unintended access on the host system.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.