Youtube

Security checks across malware telemetry and agentic risk

Overview

This YouTube skill is coherent and purpose-aligned, but users should treat its third-party MCP server and API key handling as trust decisions.

Install only if you trust the zubeid-youtube-mcp-server package or repository, prefer pinned or reviewed versions, restrict the YouTube API key to YouTube Data API v3, and keep the key out of source control and shared files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The security note makes strong trust claims that are contradicted by the rest of the skill. The documented fallback uses yt-dlp against youtube.com/subtitle endpoints and also relies on a third-party MCP package or source checkout, so telling users that only googleapis.com is contacted can mislead them about real network exposure and trust boundaries.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README instructs users to place a YouTube API key directly into a plaintext local config file and does not warn that the credential is sensitive or should be protected from source control, backups, or sharing. While this is common documentation practice, it can lead to accidental credential exposure and quota abuse if users copy the example into tracked files or insecure environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal