ClawHub
Back to skill

Security audit

YouTube Watermark

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward YouTube watermark helper, but it needs OAuth access and can change channel branding when the user runs its commands.

Install this only if you intend to let yutu manage watermarks for your YouTube channel. Verify the channel ID and image before running set or unset commands, keep client_secret.json and youtube.token.json out of source control and private storage, and revoke or delete the token when you no longer need the access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list is broad enough to match ordinary user requests about watermarks without clearly constraining scope to YouTube channel branding operations. In agent systems, overly generic activation phrases can cause unintended invocation of a privileged skill that modifies channel settings, increasing the chance of accidental or unauthorized actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup guide instructs users to download an OAuth client secret and store both that file and the cached OAuth token locally, but it does not warn that these artifacts are sensitive and should be protected from source control, sharing, or weak file permissions. In a skill intended for operational use, this omission can lead to accidental credential exposure and unauthorized access to the user's YouTube account or API project.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to run a destructive command that removes the watermark from all videos in the specified channel, but it does not clearly warn about the scope or irreversible operational effect. In an agent skill context, this omission can cause users or automation to trigger broad channel-wide changes without informed consent, increasing the risk of accidental brand, compliance, or workflow disruption.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal