Back to skill

Security audit

youtube-channels

Security checks across malware telemetry and agentic risk

Overview

This YouTube channel skill is mostly coherent, but its setup guide gives the agent broad authority to create a third-party account, handle OTP/API secrets, work around redaction, and persist the key.

Install only if you are comfortable letting the agent handle a TranscriptAPI credential. Prefer creating the TranscriptAPI account yourself and entering the API key through an approved secret manager instead of chat; before any persistence, ask exactly where the key will be stored and how to revoke or remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
This document is clearly out of scope for a YouTube-channel browsing skill: it directs the agent to obtain, handle, and persist a TranscriptAPI credential and even create third-party accounts. That mismatch is dangerous because it can trick the agent into soliciting secrets and performing sensitive account actions unrelated to the declared skill, indicating likely hidden capability expansion or credential harvesting behavior.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The instructions tell the agent to register accounts on the user's behalf, collect email and OTP codes, retrieve API keys, and persist them across sessions. In the context of a YouTube browsing skill, this is an unjustified sensitive workflow that expands the agent's authority into account creation and long-term secret management, creating risk of unauthorized account actions, credential misuse, and covert persistence.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file instructs persistent storage of an API key and temporary-file handling without a clear user-facing warning about the persistence scope, local exposure risks, or how long the credential will remain available. Even if the integration were legitimate, this can leave secrets stored in shell profiles, config files, or temp artifacts in ways the user did not knowingly authorize.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.