
Security audit

Youtube Clipper Ko

Security checks across malware telemetry and agentic risk

Overview

The skill does the advertised video clipping work, but its privacy documentation can mislead users about audio and transcript data being sent to OpenAI and Anthropic.

Review carefully before installing if you will process private, confidential, unreleased, or copyrighted media. Treat normal use as sending extracted audio to OpenAI for transcription and transcript text to Anthropic for clip selection, and expect generated media, transcripts, and metadata to remain on disk until you delete them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
)

    # video + audio in one pass (keep the original audio, no silence compression)
    subprocess.run([
        "ffmpeg", "-y",
        "-ss", str(start_sec), "-t", str(duration),
        "-i", source_video,
Confidence
91% confidence
Finding
subprocess.run([ "ffmpeg", "-y", "-ss", str(start_sec), "-t", str(duration), "-i", source_video, "-vf", vf, "-c:v", "libx264", "-preset", "fast", "-crf", "2
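A practitioner reviewing this finding should note that the flagged call uses the list form of subprocess.run, so no shell is involved and metacharacters in a filename cannot chain commands; the residual risk is in the argument values themselves (the source path, the numeric timing, and the output location). The block below is an added example written for this audit, not code from the skill or its author: it wraps the same ffmpeg invocation in validation that confines paths to a workspace, rejects non-finite or out-of-range timing, and adds ffmpeg's protocol whitelist as a defensive default. Function names (build_clip_cmd, confine_path, validate_timing, run_clip, demo), the allowed-extension set, and the clip-length limit are assumptions; the sample file in demo() is constructed and is not real video.

```python
"""Added example: hardening the argument construction around an ffmpeg
subprocess.run(...) call of the kind flagged above. Not the skill's own code;
all names and limits below are assumptions made for illustration."""
import math
import subprocess
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".mp4", ".mkv", ".webm", ".mov"}  # assumed policy
MAX_CLIP_SECONDS = 600.0                              # assumed policy limit


def validate_timing(start_sec, duration):
    """Coerce to finite floats in range so odd inputs never reach ffmpeg."""
    try:
        start, dur = float(start_sec), float(duration)
    except (TypeError, ValueError):
        raise ValueError("start_sec and duration must be numeric") from None
    if not (math.isfinite(start) and math.isfinite(dur)):
        raise ValueError("start_sec and duration must be finite")
    if start < 0 or dur <= 0 or dur > MAX_CLIP_SECONDS:
        raise ValueError("clip timing out of range")
    return start, dur


def confine_path(candidate, workspace, must_exist):
    """Resolve candidate (following symlinks) and require it to stay inside workspace."""
    ws = Path(workspace).resolve()
    p = Path(candidate)
    if not p.is_absolute():
        p = ws / p
    p = p.resolve()
    if p != ws and ws not in p.parents:
        raise ValueError(f"path escapes workspace: {candidate!r}")
    if must_exist and not p.is_file():
        raise ValueError(f"not a regular file: {candidate!r}")
    if p.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"unexpected media extension: {p.suffix!r}")
    return p


def build_clip_cmd(source_video, start_sec, duration, out_path, workspace, vf=None):
    """Return the argv list. List form means no shell is spawned, so shell
    metacharacters inside a filename are just bytes of a single argument."""
    start, dur = validate_timing(start_sec, duration)
    src = confine_path(source_video, workspace, must_exist=True)
    dst = confine_path(out_path, workspace, must_exist=False)
    cmd = [
        "ffmpeg", "-y", "-nostdin",
        # Input options precede -i. The whitelist stops ffmpeg from treating the
        # input string as an http:, concat: or similar URL; a defensive default.
        "-protocol_whitelist", "file",
        "-ss", f"{start:.3f}", "-t", f"{dur:.3f}",
        "-i", str(src),
    ]
    if vf:
        cmd += ["-vf", vf]
    cmd += ["-c:v", "libx264", "-preset", "fast", str(dst)]
    return cmd


def run_clip(cmd, timeout=300):
    """Run with no shell, a timeout, and ffmpeg's stderr captured for the caller."""
    return subprocess.run(cmd, shell=False, check=True, capture_output=True,
                          text=True, timeout=timeout)


def demo():
    """Constructed input: a workspace holding a fake .mp4 whose name carries
    shell metacharacters, plus inputs that the validation must refuse."""
    with tempfile.TemporaryDirectory() as ws:
        tricky = Path(ws) / "talk; echo pwned.mp4"
        tricky.write_bytes(b"\x00\x00\x00\x18ftypmp42")  # placeholder bytes, not real video
        cmd = build_clip_cmd(str(tricky), 12, "30", "clip.mp4", ws, vf="scale=-2:1080")
        sibling = str(Path(ws).resolve().parent / "elsewhere.mp4")  # outside the workspace
        attempts = {
            "escape": ("../../etc/passwd.mp4", 0, 5, "o.mp4"),
            "negative_start": (str(tricky), -1, 5, "o.mp4"),
            "nan_duration": (str(tricky), 0, "nan", "o.mp4"),
            "output_outside": (str(tricky), 0, 5, sibling),
        }
        refused = {}
        for label, (src, start, dur, out) in attempts.items():
            try:
                build_clip_cmd(src, start, dur, out, ws)
                refused[label] = False
            except ValueError:
                refused[label] = True
        return {"cmd": cmd, "input_arg": cmd[cmd.index("-i") + 1], "refused": refused}
```

The demo builds the argv without executing ffmpeg, so it runs anywhere; run_clip is the one place a real invocation would happen, and keeping check=True plus a timeout means a hung or failing encode surfaces as an exception rather than a silent partial file on disk.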

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes shell commands, reads environment-backed API keys, and writes multiple files, but it declares no permissions or equivalent user-facing capability boundaries. This creates a real trust and safety gap because an agent may execute downloads, filesystem writes, and external-tool calls without explicit consent or policy checks.

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The documented behavior does not fully match the described implementation, including undeclared 9:16 reframing/cropping and discrepancies around silence processing and model specificity. Behavior mismatches are dangerous because users and orchestrators may consent to one media-processing scope while the skill performs additional transformations or omits expected handling, undermining trust and safe review.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The README states the tool runs locally and that videos are not uploaded to external servers, but the documented workflow requires OpenAI and Anthropic API keys for transcription and segment selection. That means user media or derived transcript content is sent off-device, creating a materially false privacy/security claim that could cause users to process sensitive videos under incorrect assumptions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to provide OpenAI and Anthropic API keys for processing user-supplied videos/transcripts but does not clearly warn that content will be transmitted to third-party services. In a video-processing skill, users may submit private interviews, internal meetings, or unreleased content, so the lack of explicit disclosure increases the risk of inadvertent data exposure.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad enough that the skill could activate in loosely related conversations about YouTube clips or shorts creation without sufficiently specific user intent. Over-broad activation increases the chance of unintended downloads, transcript generation, API submission, and file creation from ambiguous requests.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill omits a clear warning that it downloads source media and writes numerous artifacts, including transcripts and clips, to disk. This is a real security and privacy issue because users may not realize local storage will contain potentially sensitive media-derived content that persists after execution.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill sends audio and transcript content to external APIs but does not provide a user-facing privacy warning or consent mechanism. This is especially risky because uploaded media may contain personal, confidential, or copyrighted content, and transcript text can expose sensitive information to third-party processors.

VirusTotal

0/66 vendors flagged this skill; all 66 reported it clean.


Static analysis

No suspicious patterns detected.