Back to skill

Security audit

tl_video_downloader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real video downloader, but running it can automatically install or upgrade local software without a separate approval step.

Review before installing. Use this skill only if you are comfortable with it running local commands, downloading from the provided video URL, saving output to your Downloads folder, and automatically installing or upgrading yt-dlp and ffmpeg through package managers. A safer setup would require users to install dependencies themselves or run the skill in a contained environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print(f"❌ {pkg_name} 未安装,开始自动安装...")
        try:
            # 执行安装命令
            subprocess.run(
                install_cmd,
                capture_output=True,
                text=True,
Confidence
95% confidence
Finding
subprocess.run( install_cmd, capture_output=True, text=True, check=True )

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to invoke an exec-capable shell command but does not declare corresponding permissions, creating a hidden execution capability that users or policy systems cannot properly evaluate. This is dangerous because it reduces transparency and can allow command execution pathways to be exposed without explicit consent or sandboxing expectations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared purpose is limited to downloading videos, but the observed behavior includes host modification via package managers and pip, plus writing files into the user's Downloads directory. This mismatch is dangerous because users may approve a seemingly simple media task without realizing the skill can alter the system environment, install software, and persist files on disk.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill claims to download and merge videos, but also installs and upgrades yt-dlp and ffmpeg via system package managers. That hidden side effect materially expands the trust boundary and can lead to unauthorized system modification or execution of newly fetched code from external repositories.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
OS-level package management is outside the narrow function of a video-downloader skill and is dangerous in agent environments because it performs code acquisition and system modification. Even if intended as convenience, it broadens capability from content retrieval to local software management, increasing supply-chain and host-integrity risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Automatically installing missing dependencies without prior user confirmation is a real security issue for an agent skill because it performs external code installation and system changes implicitly. In this context, the mismatch between user intent ('download a video') and actual behavior ('modify the system') makes the behavior more dangerous, not less.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.