Back to skill

Security audit

transcriptapi

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent YouTube transcript tool, but its setup flow asks the agent to handle account signup, OTPs, redaction workarounds, and persistent API-key storage in ways users should review carefully.

Install only if you are comfortable with a third-party TranscriptAPI service receiving YouTube-related requests and with the agent using a TranscriptAPI credential. Prefer creating the account yourself, providing the key through an approved secret manager, and avoiding persistent shell-profile storage or temporary-file redaction workarounds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to persistently modify the host/user environment so an API key survives across sessions and non-interactive shells. That exceeds the skill's stated transcript/search purpose and creates long-lived credential exposure on the local system, especially if stored in shell profiles or shared config files accessible to other processes or future tasks.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The manifest says the skill is not for account management, yet the instructions direct the agent to register accounts, handle email-based OTP verification, and obtain API keys on the user's behalf. This expands the skill into identity/account operations and secret handling that materially increase abuse potential and data-sensitivity beyond the declared capability boundary.

Vague Triggers

High
Confidence
93% confidence
Finding
The skill’s invocation criteria are excessively broad, explicitly allowing activation whenever YouTube is merely 'relevant' or even 'not mentioned'. This can cause the agent to route unrelated user requests through an external service unnecessarily, increasing the chance of unintended network access, data disclosure, and surprising behavior without clear user intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guidance says to automatically fetch transcripts when a user shares a YouTube URL with no instruction, but it does not require informing the user that an external request will be sent to transcriptapi.com. That creates a consent and privacy issue because user-provided links and associated query context may be transmitted to a third party without an explicit warning or confirmation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide asks the agent to collect and persistently store a user's API key without clearly warning the user that the secret may remain available across future sessions and shells. Users may unintentionally authorize long-term credential retention without understanding the blast radius if the environment or account is later compromised.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill directs the agent to collect an email address and later an OTP, then transmit them to external authentication endpoints, but does not provide a clear privacy or sensitivity notice. Email plus OTP is authentication material, and users should be explicitly told that the agent will relay it to a third-party service.

Ssd 3

High
Confidence
96% confidence
Finding
The instructions tell the agent to collect a user key or derive one via OTP flow, then persist it across sessions while minimizing normal output visibility. Hiding secret-handling steps from visible output reduces transparency and auditability, making it easier to store or misuse credentials without clear user awareness.

Ssd 3

High
Confidence
99% confidence
Finding
The workflow explicitly instructs the agent to shuttle access tokens and API keys through temporary files to avoid redaction and keep them out of normal output. This is a red flag because it is effectively guidance to bypass safety/visibility controls, increasing the chance of covert secret handling, accidental leakage on disk, and misuse by subsequent steps or processes.

Ssd 3

Medium
Confidence
90% confidence
Finding
The guide instructs the agent to ask the user for a verification code and exchange it for an API key on the user's behalf. Handling OTPs makes the agent part of an authentication ceremony, increasing phishing-like risk and normalizing the sharing of one-time codes with an intermediary.

Ssd 3

High
Confidence
97% confidence
Finding
The document tells the agent to ensure the recovered API key remains available in future sessions and non-interactive shells. That creates a long-lived secret footprint beyond the immediate task and can expose the key to later commands, unrelated skills, automation, or local compromise.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.