Back to skill

Security audit

YouTube API CLI

Security checks across malware telemetry and agentic risk

Overview

The skill appears coherent and not malicious, but it gives an agent real YouTube publishing and account-changing capability with limited safety guidance.

Install only if you trust the referenced CLI and are comfortable granting it access to your YouTube account. Pin and verify the installed version where possible, protect OAuth and service-account credentials, and require explicit user approval before uploads, thumbnail changes, playlist edits, channel updates, or any command that can publish or alter account content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises and demonstrates live account-modifying actions such as uploads, playlist insertion, and channel updates, but it does not clearly warn that these commands will make real changes to the user's YouTube account. In an agent/automation context, that omission increases the chance of unintended publication, metadata changes, or other irreversible account actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The upload examples show how to send a video file, thumbnail, title, description, tags, and privacy setting to YouTube, but they do not warn that this data leaves the local system and may become publicly visible depending on the selected privacy mode. In automated use, that can lead to accidental disclosure of sensitive media or metadata.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The setup instructions tell users to place OAuth client ID and client secret in a local config file, but they do not explicitly warn that these are sensitive credentials that should be protected from disclosure. While OAuth client secrets for desktop apps are often lower sensitivity than access tokens, normalizing local secret storage without guidance can still lead to leakage through weak file permissions, backups, or repository commits.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.