ClawHub

YouTube Long Video Transcript

Security checks across malware telemetry and agentic risk

Overview

The skill’s transcript workflow is mostly coherent, but it publishes a concrete API bearer token and directs external processing without enough user consent guidance.

Review before installing. Do not use the embedded bearer token; treat it as exposed and replace it with your own protected DownSub credential. Confirm before sending private or unlisted video URLs to DownSub, before spawning long-running sub-agents, and before uploading transcripts to zhiyan or any external document service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill documentation embeds a concrete Bearer token and instructs operators to use it for a third-party API. Hardcoded credentials in distributed skill content are highly sensitive because they can be reused by anyone with access to the file, leading to unauthorized API use, quota exhaustion, billing abuse, or broader compromise if the token has additional scope.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends user-supplied YouTube URLs to a third-party service and uses authorization data, but it does not warn users that their inputs will be transmitted externally. This creates a privacy and consent issue, especially if URLs reveal private, unlisted, internal, or sensitive viewing targets, and it normalizes external data sharing without transparency.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The workflow directs the agent to create and append local files and optionally upload the final transcript to an external document service without clearly warning the user. That can cause unintended local modifications and accidental publication of copyrighted, private, or sensitive transcript content to an external platform.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal