Withme Youtube

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed YouTube production workflow, but it gives an agent broad automated access to local credentials, browser sessions, downloads, and publishing actions.

Install only if you trust and have inspected the referenced shared scripts, use dedicated least-privilege credentials, and require explicit confirmation before any credential use, CDP/browser automation, Envato download, upload-queue change, or YouTube scheduling/publishing step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium (97% confidence)
Finding
The skill directly reads an API key from a local configuration file and later references local OAuth client secrets for upload automation. This expands the skill from content production into secret access and credential use, creating risk of unauthorized account actions, credential leakage, or reuse outside the intended workflow if the skill is triggered unexpectedly or modified.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The workflow uses Chrome DevTools Protocol against a local debugging endpoint to manipulate browser pages and force downloads. Low-level browser control is powerful and dangerous because it can interact with any debuggable page, bypass normal safety boundaries, and be repurposed for unintended actions beyond downloading licensed audio.

Vague Triggers

Medium (88% confidence)
Finding
The trigger list includes broad natural-language phrases such as 'withme' and '开始制作', increasing the chance of accidental activation. In this skill, accidental activation is more dangerous than usual because the workflow can access secrets, browse external services, download content, and schedule uploads with limited checkpoints.

Missing User Warnings

Medium (94% confidence)
Finding
The skill documents automatic upload scheduling using local OAuth credentials and a real Google account, but provides no prominent risk warning or explicit consent boundary. Because these actions affect an external account and publish content, insufficient warning materially increases the chance of unauthorized or mistaken account operations.

Missing User Warnings

Medium (93% confidence)
Finding
The workflow retrieves an API key from local config and then automates external asset acquisition without any visible user-facing warning about credential use, costs, or data exposure. In context, this is risky because the skill performs real side effects with local secrets and third-party services, so missing warnings undermine informed consent and safe operation.

VirusTotal

65/65 vendors flagged this skill as clean.