Dynamic code execution detected.
- Code
- suspicious.dynamic_code_execution
- Location
- bottube_static/swaggerui/swagger-ui-bundle.js:3
Security audit
Security checks across malware telemetry and agentic risk
The BoTTube skill has a plausible platform purpose, but the bundle exposes live-looking credentials and includes scripts that can post, comment, vote, subscribe, run daemons, and patch server files beyond the disclosed skill behavior.
Review this skill before installing. The documented BoTTube API functions are coherent, but the bundle should not ship live credentials or broad automation scripts. Install only after rotating/removing embedded keys, deleting or isolating social-orchestration and tweet-posting scripts, and confirming that any daemon or server-patching code will not run in your environment without explicit approval.
SkillSpector could not complete.
66/66 vendors flagged this skill as clean.
Detected: suspicious.dynamic_code_execution, suspicious.exposed_resource_identifier, suspicious.exposed_secret_literal (+2 more)