Skill

Security checks across malware telemetry and agentic risk

Overview

This Markdown converter is mostly purpose-aligned, but it should be reviewed because YouTube failures can automatically reuse Chrome login cookies without a clear opt-in step.

Install only if you are comfortable with the tool potentially reading Chrome cookies for YouTube. Prefer stdout output, avoid sensitive paths, and use a dedicated browser profile or require explicit approval before any cookie-based retry.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly states that on YouTube bot-detection failures, the tool will automatically retry using browser cookies from Chrome, yet provides no privacy or consent warning. Automatically accessing browser cookies can expose authenticated session data to remote services and may surprise users who did not intend to share logged-in state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal