Security audit

Podcast Video Publisher

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent YouTube podcast publishing tool, but it gets broad persistent YouTube write access and can make public channel and playlist changes with limited safeguards.

Review and edit the hardcoded playlist ID and episode ordering before running anything, gitignore .youtube.json and upload-state.json, run phases one at a time on a test/private playlist first, and revoke the Google OAuth grant immediately if the token file is exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill instructs users to run local Python and Node scripts, invoke ffmpeg, read environment/configuration, and write files such as .youtube.json and upload-state.json, yet it declares no permissions. That mismatch can prevent users or a hosting platform from understanding that the skill has shell execution and filesystem write capability, increasing the chance of unsafe execution with access to local credentials and project files.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill describes destructive or externally visible actions such as uploading videos, removing stale playlist items, reordering playlist entries, and retiring old versions, but does not require an explicit confirmation gate before those actions occur. A mistaken invocation, bad metadata, or wrong playlist ID could cause unintended public changes on a live YouTube channel and require manual cleanup.

Session Persistence

Medium
Category
Rogue Agent
Content
// `youtube` (full read/write) instead of just `youtube.upload + readonly`
// because playlistItems.insert (used by the adapter to auto-add each
// upload to a playlist) requires playlist write permission, which only
// the full scope grants. .readonly + .upload are insufficient — Google
// returns "Request had insufficient authentication scopes" (403) on
// playlist mutations under those.
Confidence
88% confidence
Finding
write permission, which only // the full scope grants. .readonly + .upload are insufficient — Google // returns "Request had insufficient authentication scopes" (403) on // playlist mutations under th

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/youtube-grant.js:64