YouTube Summary
Security checks across malware telemetry and agentic risk
Overview
This skill is a transparent YouTube summarization helper with expected local command execution, optional OpenAI API use, and disclosed file outputs.
Install only if you are comfortable trusting the pinned youtube2md npm package and its dependencies. Leave OPENAI_API_KEY unset for sensitive videos, since full mode may send transcript content to OpenAI, and remember generated transcript or summary files may remain on disk.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.