Security audit

Youtube Apify Transcript

Security checks across malware telemetry and agentic risk

Overview

This is a coherent YouTube transcript skill that uses Apify, local caching, and optional file output as advertised.

Install only if you are comfortable sending requested YouTube video URLs to Apify and using an Apify token that may spend quota. Use a dedicated Apify token for this skill, avoid broad non-YouTube transcript requests, choose an appropriate cache directory for sensitive work, and clear the cache when you no longer want transcript history stored locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 82% confidence
Finding: The skill declares capabilities to read environment variables, read/write local files, and perform network access, but does not present an explicit permissions model or user-warning boundary around those operations. In this skill, those capabilities are expected for transcript fetching and caching, but the lack of declared permissions can reduce transparency and make secret access (APIFY_API_TOKEN), local cache writes, and outbound API calls easier to misuse in an agent ecosystem.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documented `--clear-cache` operation is destructive and is presented without a warning, preview, or confirmation step. While it appears limited to transcript cache data, a user or agent could invoke it unintentionally and delete locally stored artifacts, especially if the cache directory is overridden via environment variable.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrase "get transcript" is broad enough to match many general user requests that are not clearly intended for this specific YouTube/APIFY skill. In an agent ecosystem, overly generic triggers can cause the wrong skill to activate, potentially sending user requests or URLs to an external third-party API unexpectedly, which increases privacy, consent, and routing risks.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrase "video transcript" is ambiguous because it does not specify YouTube, APIFY, or even transcript retrieval as opposed to summarization or analysis. This can lead to accidental invocation for unrelated video tasks, and in this skill's context that may forward content to an external scraping/transcript service marketed as bypassing bot detection, making misrouting more sensitive than usual.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.