Keyapi Youtube Video Analysis

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate KeyAPI YouTube analysis helper, with important local token and cache behavior users should understand.

Install only if you trust KeyAPI with the video, comment, search, and trend queries you submit. Prefer setting KEYAPI_TOKEN in your environment instead of typing it into the prompt, because the prompt saves it to a plaintext .env file. Treat .keyapi-cache as a local record of API responses, and note that --no-cache skips cache lookup but the script still writes fresh results unless you use a disposable cache directory or remove the cache afterward. Always pass --platform youtube and use the documented YouTube tool names.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

High
Confidence
85% confidence
Finding
The script can enumerate and invoke any MCP tool exposed by the remote server, which exceeds the declared YouTube-analysis scope and materially broadens capability. In an agent-skill context, this increases the chance of unintended data access or misuse because consumers may trust the manifest while the code enables much wider actions.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The script interactively solicits a KEYAPI token and persists it to a local .env file, creating credential-handling behavior beyond simple YouTube analysis. Persisting secrets to disk without explicit opt-in or secure storage increases the risk of accidental exposure through repository commits, local disclosure, or shared working directories.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code writes an interactively entered API token to .env immediately after entry, without a warning at the moment of action that the secret will be stored on disk. That can lead users to disclose credentials more broadly than intended, especially in shared workspaces or source-controlled directories.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Execute tool calls and persist responses to the local cache.

**Calling a tool:**

```bash
node scripts/run.js --platform youtube --tool <tool_name> \
```
Confidence
84% confidence
Finding
tool:*

Credential Access

High
Category
Privilege Escalation
Content
// ── MCP client ────────────────────────────────────────────────────────────────

/** Prompt for KEYAPI_TOKEN interactively and persist it to .env */
async function promptToken() {
  if (!process.stdin.isTTY) {
    throw new Error(
Confidence
84% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
reject(new Error("No token entered. Set KEYAPI_TOKEN and try again."));
        return;
      }
      const envPath = join(ROOT, ".env");
      writeFileSync(envPath, `KEYAPI_TOKEN=${token}\n`, "utf8");
      log(`[token] Saved to ${envPath} — future runs will load it automatically`);
      process.env.KEYAPI_TOKEN = token;
Confidence
92% confidence
Finding
.env"

VirusTotal

No VirusTotal findings
