ClawHub

YouTube Comment Thread

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and not malicious, but it can publish YouTube comments with a user's OAuth account and does not clearly require a final confirmation before posting.

Install only if you intend to let yutu access your YouTube account. Before any insert command, require the agent to show the video ID, channel ID, author channel, and full comment text, then approve it explicitly. Keep client_secret.json and youtube.token.json private, out of version control, and revoke the OAuth token if you stop using the skill or suspect exposure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This documentation instructs the user to post a new YouTube comment thread to an external service but does not clearly warn that the action is state-changing and will publish content under the user's account. In an agent setting, missing disclosure around external side effects increases the risk of unintended account activity, accidental spam, or unauthorized posting if the command is invoked without strong user awareness or confirmation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The setup guide instructs users to create OAuth credentials and store both the client secret and cached access token in predictable local files, but it does not warn that these files are sensitive or should be excluded from version control, shared folders, and logs. If an agent or user mishandles these files, an attacker could reuse the OAuth material to access or act on the connected YouTube account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal