youtube-channels

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent YouTube channel helper, but its setup flow asks the agent to handle, persist, and route around redaction for API secrets.

Install only if you are comfortable letting the agent handle a TranscriptAPI credential. Prefer to create the TranscriptAPI account yourself, enter the key through your platform's secret manager instead of chat, ask where it will be stored before persisting it, and rotate or revoke the key when you no longer need the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The document instructs the agent to register and verify third-party TranscriptAPI accounts on the user's behalf, including handling email-based OTP verification and retrieving an API key. That capability is unrelated to a YouTube channel browsing skill and materially expands the skill into credential acquisition and external account management, which increases the risk of secret handling abuse and unauthorized actions.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The guide tells the agent to determine how to persistently store TRANSCRIPT_API_KEY across sessions and shells, which is a credential-management function not justified by the stated purpose of exploring YouTube channels. Persistent secret storage creates long-lived access that could be reused outside the user's immediate request and broadens the blast radius if the environment is compromised.

Description-Behavior Mismatch

High
Confidence
100% confidence
Finding
The entire file is focused on TranscriptAPI authentication, account registration, OTP verification, and key persistence rather than YouTube channel exploration. This mismatch indicates scope drift or capability smuggling: the skill's documentation embeds operational behavior that is materially different from the manifest, which weakens both review and user trust.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instructions direct the agent to store a sensitive API key persistently and verify it is active, but they do not require clear notice to the user about retention, scope of reuse, or the security implications of long-term credential storage. Users may unknowingly grant ongoing access beyond the immediate task, which undermines informed consent and safe secret handling.

Ssd 3

High
Confidence
98% confidence
Finding
The file tells the agent to ask the user to paste an API key directly into chat and then set it up for persistent use. Collecting secrets through normal conversation channels and persisting them across sessions exposes highly sensitive credentials to logging, transcript retention, and unintended reuse.

Ssd 3

High
Confidence
97% confidence
Finding
The narrative instructs the agent to complete signup, receive an email OTP from the user, and exchange it for an API key on the user's behalf. This makes the agent an active participant in authentication and secret issuance, creating unnecessary exposure to account takeover-style workflows and sensitive token handling.

Ssd 3

High
Confidence
99% confidence
Finding
The file explicitly requires persistent storage and later reuse of a secret obtained either from the user or generated during signup. Long-term retention of reusable API keys increases the consequences of compromise and is especially unjustified in a skill whose declared purpose is merely browsing or exploring YouTube channels.

VirusTotal

65/65 vendors flagged this skill as clean.
