ClawHub

Gemini Yt Video Transcript

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uses a Gemini API key to transcribe a user-provided YouTube URL and saves the transcript locally.

Install this only if you are comfortable using a Gemini API key and sending the chosen YouTube URL, and the video title when available, to Google/YouTube services. Generated transcripts are saved locally in the workspace by default, so avoid sensitive or private video URLs unless that data flow and local persistence are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill declares required environment variables and a Python binary, and its documented usage implies network access and file output, but it does not explicitly declare permissions for network and file write behavior. This weakens user awareness and policy enforcement because the skill can exfiltrate input data to external services and write artifacts locally without clear permission signaling.

Tp4

High
Category
MCP Tool Poisoning
Confidence
79% confidence
Finding
The skill description focuses on transcript generation, but the analyzed behavior includes extra network calls for YouTube metadata, Gemini-based filename generation, and local file creation with a title header. While these behaviors are plausibly related to the feature, failing to disclose them increases the risk of unexpected data sharing and side effects, especially in constrained or privacy-sensitive environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description does not clearly warn that providing a YouTube URL for transcription causes video-related data to be sent to Google Gemini. In privacy-sensitive settings, this is dangerous because users may reasonably assume a local-only transcript operation and unintentionally disclose URLs or associated content to a third party.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script transmits the user-supplied YouTube URL and, when available, the fetched video title to Google Gemini and YouTube services without any explicit user notice or consent mechanism. In an agent setting, this can leak user activity or sensitive/private video references to third parties, especially if the URL points to unlisted or otherwise sensitive content.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The script writes the generated transcript to a local file automatically, either at a user-provided path or a default workspace path, without an explicit warning that a file will be created or overwritten. In agent workflows this can surprise users, leave sensitive transcripts on disk, or overwrite existing files if the chosen path already exists.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal