
Security audit

Youtube Transcript Local

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform YouTube transcript extraction as advertised, but it under-discloses runtime package installation and overstates its safety.

Review before installing. Use this only if you are comfortable with a Python script invoking yt-dlp, contacting YouTube with supplied URLs, and saving transcript/cache files locally. Prefer installing yt-dlp yourself in an isolated environment before running the skill so it does not auto-install packages into your active Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return str(path)
        
        print("Installing yt-dlp...")
        subprocess.check_call([sys.executable, "-m", "pip", "install", "yt-dlp"])
        return shutil.which("yt-dlp")
    
    def extract(self, url, lang="en", auto_generate=True):
Confidence
95% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "yt-dlp"])

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The skill explicitly claims there is 'no security risk' and 'no external API calls', but its documented workflow requires network access to YouTube and execution of local tools such as yt-dlp, ffmpeg, Whisper, and OCR utilities. This is dangerous because it misrepresents the trust boundary and can cause users or downstream agents to skip appropriate scrutiny, sandboxing, consent, or network-execution controls.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The module presents itself as a 'Local Safe Version' even though it performs network-dependent operations and may install software dynamically. Misleading safety claims can cause operators or higher-level agents to grant broader trust or run the tool in sensitive environments under false assumptions, increasing exposure.

VirusTotal

64/64 vendors flagged this skill as clean.
