ClawHub

Youtube Analytics

Security checks across malware telemetry and agentic risk

Overview

This YouTube Analytics skill is legitimate-looking, but it gives an agent broad authenticated Membrane/YouTube action and proxy access without clear safeguards for delete or update operations.

Install only if you trust Membrane and are comfortable delegating YouTube access through it. Check the OAuth scopes carefully, prefer read-only report actions when possible, and require explicit confirmation before any delete, remove, update, comment, channel, or raw proxy request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The manifest advertises channel/comment/report management, but the documented operations primarily cover analytics reporting and group management. This mismatch can mislead users and orchestration systems about what the skill can actually access or modify, weakening informed consent and safe tool selection.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The manifest advertises channel/comment/report management, but the documented operations primarily cover analytics reporting and group management. This mismatch can mislead users and orchestration systems about what the skill can actually access or modify, weakening informed consent and safe tool selection.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes a destructive delete-group action without any warning, confirmation, or guidance to verify user intent before execution. In an agentic setting, this increases the chance of accidental deletion from ambiguous prompts or over-eager automation, especially because the skill also encourages direct action discovery and execution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal