YouTube Daily Digest: Auto Monitor & Summary 🥥Meow

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward YouTube-to-Gemini-to-Telegram summarizer bot, with expected external service use and manageable setup risks.

Install only if you are comfortable sending monitored video transcripts or downloaded audio to Google Gemini and posting summaries to the configured Telegram chat. Use environment variables for secrets, restrict the bot to intended channels and chats, pin dependency versions before production use, and periodically clear downloaded audio if you do not need to retain it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill sends transcript text or downloaded audio to Google Gemini and sends generated summaries to Telegram, but the description does not clearly warn users that video-derived content is transferred to external services. This omission can expose sensitive or copyrighted content to third parties without informed user consent and can create privacy, compliance, and data-handling risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal