ClawHub

YouTube频道数据采集

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed YouTube data API helper, but it contains non-YouTube automatic fallback routes and powerful media stream URL retrieval that need review before installation.

Install only if you trust MaxHub/aconfig.cn with your API key and YouTube query data. Review or remove the Douyin fallback table before use, and treat stream/download endpoints as media-access features that may have copyright or platform-terms implications, not just analytics metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is presented as YouTube-only, but its routing guidance references unrelated Douyin/Xiaohongshu paths and parameter conventions. This scope mismatch can misroute requests, cause data to be sent to unintended endpoints, and undermine operator trust in what services the skill actually contacts.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The degradation map explicitly switches to Douyin endpoints even though the skill claims to handle YouTube data only. In practice, fallback logic is often executed automatically during errors, so this can silently redirect traffic and parameters to the wrong service, causing unintended third-party data transmission and unpredictable behavior.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documented `get_signed_stream_url` endpoint provides a directly playable signed media URL, which goes beyond a read-only data-query assistant and enables retrieval of protected streaming resources. In an agent context, this can be abused to facilitate downloading, rebroadcasting, or other unauthorized use of media, especially because the output is explicitly described as directly usable for playback.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The `get_video_info` documentation states that the endpoint returns 'download information' in addition to metadata, indicating capability to expose resource URLs or other data sufficient to obtain media content. That materially exceeds passive metadata lookup and increases the risk that an agent can be used for content extraction rather than simple YouTube analytics or search.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The `get_video_streams_v2` endpoint advertises automatic decryption and bulk return of all playable URLs, which is a strong content-access capability rather than a simple data-query function. In practice, this lowers the barrier to mass downloading or misuse of copyrighted media by providing ready-to-use links in one step.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The example trigger words are extremely generic terms such as '视频', '频道', '搜索', and '评论', which are likely to overlap with ordinary conversation and unrelated user prompts. In an agent environment, this can cause accidental invocation of the skill, leading to unintended external API calls, unnecessary data access, and possible leakage of user intent or context to the third-party service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to transmit a sensitive API key in an Authorization header to an external third-party service, but does not prominently warn users about credential transmission or trust boundaries. This increases the risk of users supplying secrets without understanding that the skill depends on an outside operator and network egress.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal