Youtube Video Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it publishes YouTube videos. However, it gives an agent public-posting authority through a third-party credential without a required final confirmation step.

Install only if you trust Boring with publish access to the connected YouTube channel and any other connected social accounts. Treat the MCP connector URL like a password, revoke or regenerate it if exposed, and require your agent to show the exact channel, media file, title, description, thumbnail/captions, and visibility for approval before any upload is published.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The skill's security section states that analytics queries only retrieve metrics and do not upload or modify content, yet the documented workflow clearly performs YouTube publishing. This inconsistency can mislead users or downstream agents about the actual effects of the skill, increasing the chance of unintended content publication under a false assumption of read-only behavior.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents a publish flow and later notes 'Default visibility is Public,' but it does not prominently require explicit user confirmation before creating a live post on the user's channel. In an agent setting, this is dangerous because a tool invocation may immediately publish externally visible content, causing reputational, legal, or operational harm if the user expected a draft, private, or review step.

VirusTotal

64/64 vendors flagged this skill as clean.
