Download AIO

Security checks across malware telemetry and agentic risk

Overview

This media downloader is mostly coherent, but it deserves Review because it can use browser login cookies and automatically send downloaded files to Telegram without a separate confirmation step.

Install only if you are comfortable with an agent downloading media, using yt-dlp, and sending small files to Telegram. Do not allow browser-cookie or cookies.txt use unless you explicitly intend to use your own logged-in session for that exact site and download, and review any installer scripts before running them because they were not included in this package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The README explicitly recommends `--cookies-from-browser chrome` for rate-limited or logged-in downloads, which instructs the agent to access authenticated browser session material unrelated to the core download function. In an agent skill context, expanding scope from public media download to extraction and reuse of browser-derived authentication data increases privacy and account-compromise risk if mishandled, over-collected, or exfiltrated.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly recommends using `--cookies-from-browser chrome` to access private content, which expands the scope from public downloading to leveraging the user's authenticated browser session. This is dangerous because it can cause the agent to access private or account-scoped media without clear consent boundaries and normalize use of sensitive session material in an automated workflow.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The document explicitly instructs use of browser cookies and manual cookie export to access authenticated content. That expands the skill from simple media downloading into handling session credentials, which can expose private account data, enable unauthorized access if misused, and materially increases security sensitivity beyond the stated purpose.

Missing User Warnings

Medium
Confidence: 96%
Finding
The README advertises automatic delivery of downloaded files to Telegram but does not prominently disclose that downloaded content is transmitted to a third-party messaging service. This creates a data handling and privacy risk, especially if users download sensitive, copyrighted, or private media and do not realize the file leaves the local machine.

Missing User Warnings

Medium
Confidence: 93%
Finding
The installation section states that the script will automatically install or update software and create directories, but it does not present this as a significant security-sensitive action or warn about the system changes involved. In an agent skill ecosystem, encouraging `ExecutionPolicy Bypass` and unattended dependency installation increases the chance of users running privileged changes without understanding the trust implications.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger conditions are extremely broad, including generic download phrases and any pasted URL from a supported platform. This increases the chance of accidental activation and execution of downloading and transmission behaviors when the user did not clearly request them.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill advertises automatic sending of downloaded files to Telegram without making off-device transmission a separate, explicit step. Automatic exfiltration to an external messaging service creates privacy and data-handling risk, especially when the user may only expect a local download.

Missing User Warnings

Medium
Confidence: 96%
Finding
The user guide says that simply pasting a URL is enough and states the agent will download and send to Telegram, but this critical transmission behavior is not presented as a prominent consent checkpoint. Users may unintentionally cause media to be forwarded externally without understanding that consequence.

Missing User Warnings

Medium
Confidence: 93%
Finding
The instructions recommend browser-cookie use for private content without an explicit warning that authenticated session data is sensitive and can grant access to private resources. In the context of an automation skill, this materially increases the risk of overreach into protected accounts and unintended disclosure.

Missing User Warnings

Medium
Confidence: 93%
Finding
Credential and cookie access instructions are presented without any warning about privacy implications, account takeover risk, or the sensitivity of browser session data. In practice, users may be induced to extract or expose active login cookies, which can grant access equivalent to account authentication.

Missing User Warnings

Medium
Confidence: 86%
Finding
The documentation explicitly instructs users to use `--cookies-from-browser chrome` to access private or authenticated content, but it does not warn that this pulls authenticated browser session cookies into the tool's execution context. Even if this is a legitimate yt-dlp feature, normalizing cookie extraction for private media increases the risk of session exposure, accidental overcollection of sensitive credentials, and misuse against accounts the user should not access through the skill.

Missing User Warnings

Medium
Confidence: 92%
Finding
The troubleshooting guidance recommends using `--cookies-from-browser chrome` to access authenticated or rate-limited content, but it does so without any warning that this pulls sensitive authenticated browser session data. In a download automation skill, normalizing browser-cookie extraction increases the chance of privacy violations, account misuse, or unintended exfiltration if users or downstream agents treat it as a routine fix.

VirusTotal

66/66 vendors flagged this skill as clean.
