Back to skill

Security audit

youtube-search

Security checks across malware telemetry and agentic risk

Overview

This YouTube skill is mostly coherent, but it asks agents to create or handle a third-party account and persist an API key with broad local changes that deserve review before use.

Review this before installing if you are uncomfortable with an agent creating a TranscriptAPI account, handling an email OTP, storing a long-lived API key, or sending YouTube research queries to TranscriptAPI. Prefer supplying your own key through a platform secret manager, confirm exactly where the key will be stored, avoid sensitive queries, and revoke or rotate the key when you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
This file is clearly out of scope for a YouTube search skill: it instructs the agent to obtain, handle, and persist a TranscriptAPI secret, including account creation and token exchange. That mismatch is a strong indicator of hidden capability expansion or credential harvesting, and the embedded guidance about redaction avoidance increases suspicion rather than reducing it.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The instructions direct the agent to create a third-party account on the user's behalf, receive an emailed OTP, exchange it for an API key, and store that credential persistently. For a YouTube search skill, this is unjustified sensitive-action automation that can silently modify user state and establish durable access unrelated to the advertised function.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description explicitly says to use the skill proactively when the user wants to research a topic and YouTube is a good source, which is broad enough to trigger on many ordinary research requests. That can cause unnecessary invocation of a third-party service and expand data exposure beyond what the user explicitly asked for, especially when written-source-only or privacy-sensitive research would be more appropriate.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to send search queries, channel identifiers, video IDs, and transcripts to TranscriptAPI.com using an API key, but it does not warn that user prompts and identifiers are being transmitted to a third party. In a research context, those queries may contain sensitive interests, internal project names, or other private data, so the omission creates a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document tells the agent to persistently store a sensitive API key in whatever mechanism survives future sessions, but it does not require an explicit warning or confirmation before modifying local configuration or secret storage. This can lead to silent persistence of credentials, unexpected environment changes, and increased exposure if the storage location is insecure or shared.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.