ClawHub

Youtube Description Autoposter

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly transparent about its YouTube timestamp workflow, but it can update live YouTube video descriptions too easily and without a final confirmation.

Install only if you are comfortable granting YouTube write access and sending transcript text to Gemini. Prefer running generation without --post first, verify the target video and timestamp output yourself, and keep or revoke token.pickle carefully because it can authorize future channel updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README documents natural-language routing rules where words like 'post', 'update', or references to a 'latest video' automatically translate into a write action against YouTube without emphasizing a confirmation step at the moment of execution. In a skill that holds reusable OAuth tokens with channel write access, ambiguous phrasing or prompt manipulation could cause unintended description edits to a live video.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest description uses broad invocation phrases such as processing transcript text, which can cause the skill to match generic user requests that do not imply consent to use external APIs or modify YouTube content. Over-broad routing increases the chance of accidental activation of a skill with posting capability.

Vague Triggers

High
Confidence
97% confidence
Finding
The natural-language mapping and decision rules treat generic words like 'post', 'update', 'upload', and even some ambiguous requests about a 'latest video' as authorization to append content directly to YouTube without a confirmation step. In this context, the skill can modify public-facing video metadata based on loose intent matching, making unintended state-changing actions materially more dangerous.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script sends full transcript content to an external LLM provider without an explicit consent notice or privacy warning at the point of use. In this skill context, transcripts may contain unpublished, private, or sensitive business content, so silent transmission to a third party creates a real data exposure risk.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
OAuth tokens are serialized to token.pickle on disk without warning or hardening, which creates a credential exposure risk if the filesystem is shared, backed up insecurely, or later accessed by another process or user. In a skill that can modify YouTube content, stolen tokens could be used to alter channel metadata and descriptions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script performs a write to YouTube without an interactive confirmation step, which increases the chance of unintended modification of live channel content. This is especially risky here because one mode targets the latest upload automatically, making it easier to overwrite the wrong video's description through operator error or automation misuse.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal