youtube-search

Security checks across malware telemetry and agentic risk

Overview

This YouTube search skill is coherent and disclosed, but users should understand it relies on TranscriptAPI and stores an API key for future use.

Install only if you are comfortable with TranscriptAPI receiving YouTube searches and transcript requests, and with an agent storing a TRANSCRIPT_API_KEY for later sessions. Prefer a platform secret store over shell profiles, monitor API credit usage, and revoke or rotate the key when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
This file is materially unrelated to the stated YouTube search skill and instead instructs the agent to obtain, handle, and persist a third-party TranscriptAPI secret. That mismatch is a strong indicator of hidden scope expansion or credential-harvesting behavior, especially because it asks for durable storage across sessions and shells.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The instructions direct the agent to collect and persist an API key as an environment variable for future sessions, which gives the skill long-lived access to a third-party service unrelated to its purpose. Unnecessary credential storage increases the blast radius of compromise and creates a covert persistence mechanism inside an otherwise benign-seeming skill.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The file instructs the agent to perform complete third-party account registration and OTP verification on the user's behalf, including handling email-based authentication tokens and exchanging them for an API key. That is a highly sensitive identity and credential workflow unrelated to YouTube search, and it can be abused to create unauthorized accounts, harvest secrets, or normalize phishing-like collection of verification codes.

Vague Triggers

Medium
Confidence: 89%
Finding
The description explicitly says to use the skill proactively when the user wants to research a topic, which is broad enough to trigger on many general research requests. That can cause unintended invocation of a third-party service and unnecessary transmission of user queries, especially when the user did not specifically ask for YouTube or external lookup.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs the agent to send search terms and video/transcript requests to TranscriptAPI.com using an API key, but it does not disclose this data flow or warn that user queries may be shared with a third party. In a research workflow, queries can contain sensitive topics, identifiers, or proprietary interests, so silent transmission creates a privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The document tells the agent to store a sensitive API key persistently and make it available in future sessions, but it provides no user-facing warning about the risks of long-term credential retention or the security implications of broad environment exposure. Even if not overtly malicious, this is unsafe secret-handling guidance that can lead to accidental disclosure or misuse.

VirusTotal

65/65 vendors flagged this skill as clean.
