Back to skill

Security audit

Youtube

Security checks across malware telemetry and agentic risk

Overview

This YouTube skill is coherent and useful for its stated purpose, but users should treat the third-party MCP server, yt-dlp fallback, and API key storage as trust decisions.

Install only if you trust the zubeid-youtube-mcp-server package or repository and yt-dlp. Prefer pinned or reviewed versions, restrict the YouTube API key to YouTube Data API v3, keep the key out of source control and shared files, and rotate it if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The security note makes an overbroad trust claim that all network calls go only to googleapis.com, but the documented fallback invokes yt-dlp against youtube.com URLs and may also contact additional YouTube/CDN endpoints during subtitle retrieval. Misstating network behavior can cause users to make unsafe trust decisions, especially when handling API keys and installing third-party tooling.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README instructs users to place a YouTube API key in environment variables or a local config file but does not explicitly warn that the value is a sensitive credential that must not be committed, logged, or shared. This can lead to accidental disclosure through shell history, screenshots, dotfile sync, backups, or source control, enabling unauthorized use of the API key and quota abuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.