Skill v1.0.0

ClawScan security

Youtube Video Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 28, 2026, 7:18 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill’s stated purpose (uploading videos to YouTube) matches the instructions, but it requires a single MCP connector link that embeds a powerful token and instructs uploading your video files to a third-party server — this is broader and potentially privacy-sensitive compared with a minimal YouTube-only integration.
Guidance
This skill will upload your video files to a third-party service (boring.aiagent-me.com) using an MCP connector URL that contains an embedded auth token. Before installing or using it:
1) Only provide a connector link you trust; treat the URL as a password and never paste it publicly.
2) Verify the token scope with the service owner — confirm it is limited to the intended YouTube channel and does not grant write/publish access to other connected accounts.
3) Prefer testing with a disposable/test YouTube channel first and set uploads to unlisted/private until you trust the flow.
4) Ask the vendor for documentation on how uploaded media is stored, who can access it, retention policy, and how to revoke/regenerate the token.
5) If you prefer tighter control, consider using an integration that uses your own official YouTube OAuth credentials scoped only to youtube.upload.
If you proceed, keep the ability to revoke the connector token and audit activity on your YouTube account.

Review Dimensions

Purpose & Capability
note
The skill claims to upload videos to YouTube and its runtime instructions call Boring connector functions (boring_list_accounts, boring_upload_file, boring_publish_post), which is consistent with that goal. However, the required credential is an MCP Connector link that—per the docs—grants publish/manage access across all connected social accounts, which is broader than strictly necessary for uploading to a single YouTube channel.
Instruction Scope
concern
Instructions explicitly tell the agent to accept local video files and call boring_upload_file / boring_upload_from_url, which will upload user media to Boring's servers (re-hosting). That means user content leaves the local environment and is stored/processed by a third party. The SKILL.md does not limit uploads to YouTube-only or describe retention/processing details beyond a brief claim about server-side storage.
Install Mechanism
ok
This is instruction-only with no install spec or code files, so nothing is written to disk or downloaded by the installer — lowest install risk.
Credentials
concern
There are no environment variables, but the skill requires an MCP Connector link (a URL containing an embedded auth token). That token is effectively a secret and—according to the docs—grants broad publish/manage rights across connected platforms and has long-lived refresh semantics. Requesting a single broad-scoped token is disproportionate compared with a more minimal OAuth flow limited to one YouTube channel.
Persistence & Privilege
ok
The skill is not marked always:true, and it does not request system-wide configuration changes. Model invocation is allowed (the platform default), which is expected for skills. There is no evidence the skill attempts to persist beyond normal connector usage.