Baoyu Youtube Transcript

Security checks across malware telemetry and agentic risk

Overview

This is a coherent YouTube transcript tool, but it can automatically expand into local tool execution and optional browser-session use that deserves review before installation.

Install only if you are comfortable with the agent running yt-dlp or related local tools to fetch transcripts when YouTube blocks the direct path. Do not set YOUTUBE_TRANSCRIPT_COOKIES_FROM_BROWSER unless you explicitly want the skill to use your browser login state for YouTube. Preserve raw outputs separately if you use speaker identification, because the workflow overwrites the markdown transcript.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The documented speaker-identification flow tells the agent to spawn a separate AI sub-agent and overwrite the output file, which extends behavior beyond simple transcript retrieval into autonomous content processing. This increases the trust boundary, may expose transcript contents to additional models or services, and creates risk of unintended actions or data handling not expected from the skill's stated purpose.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill instructs the agent to make `yt-dlp` available on its own when missing, effectively authorizing unreviewed installation or execution of additional software. That expands the runtime and supply-chain risk surface beyond the advertised skill behavior, especially in environments where package installation should require explicit approval.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill reads a browser-cookie source from an environment variable and passes it to yt-dlp, enabling access using a user’s browser session. This can silently expand data access beyond public transcripts and may expose authenticated YouTube data or account-linked content without clear consent boundaries.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documented `--cookies-from-browser` flow can access browser session cookies, which are sensitive authentication artifacts, but the skill provides no strong privacy or security warning. If used casually or automatically, this could expose authenticated browsing data or enable access using the user's logged-in browser state.

Missing User Warnings

Medium
Confidence: 86%
Finding
Telling the agent to resolve missing fallback tooling itself omits an important warning that additional software may be downloaded or executed. Users and administrators may not realize the skill can change the environment or introduce new binaries, which is a security and compliance concern even if the intent is convenience.

Missing User Warnings

Medium
Confidence: 94%
Finding
Subprocess execution with --cookies-from-browser uses ambient browser credentials without any nearby disclosure, confirmation, or audit signal. In an agent context, this can cause the skill to access private/account-scoped resources unexpectedly, violating user expectations and least-privilege principles.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
