Youtube

The skill is classified as suspicious due to its instructions in `SKILL.md` for the AI agent to `git clone` an external repository (`https://github.com/ZubeidHendricks/youtube-mcp-server`) into `/tmp` and then execute `npm install` and `npm run build` within that directory. This constitutes a significant supply chain risk, as it allows for arbitrary code execution if the remote GitHub repository were compromised or contained malicious code. While presented as a setup or troubleshooting step, it's a direct instruction to fetch and execute unverified code from an external source, introducing a high-risk capability without clear malicious intent within the provided skill files themselves.