Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Video Transcript Downloader
Security checks across static analysis, malware telemetry, and agentic risk
Overview
I could not access the workspace artifacts directly, and the supplied VirusTotal note alone is not enough under the review policy to classify the skill as suspicious.
Treat this as an incomplete review: inspect the actual SKILL.md and scripts before installing, especially any passthrough options to yt-dlp or other external binaries.
SkillSpector
By NVIDIA
SkillSpector findings are pending for this release.
Static analysis
Env credential access
Critical
- Finding
- Environment variable access combined with network send.
VirusTotal
64/64 vendors flagged this skill as clean.