Back to skill

Security audit

Play Music from YouTube

Security checks across malware telemetry and agentic risk

Overview

This skill visibly automates YouTube music playback and discloses its browser-session persistence, but users should understand that login state can remain on disk.

Install only if you are comfortable letting playwright-cli control a visible browser and keep a YouTube/Google session on disk. Prefer a dedicated browser profile, avoid sensitive browsing in that session, grant macOS permissions only to a trusted local playwright-cli installation, and use the documented close/delete-data cleanup when you no longer want login state retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill mandates `--persistent` for all new sessions, causing cookies, localStorage, and login state to be stored on disk even though simple YouTube playback does not require durable authentication state. Persisting browser data increases exposure to credential/session theft, cross-user leakage on shared systems, and unintended reuse of authenticated state by later automations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly says the persistent profile saves cookies, localStorage, IndexedDB, and cache to disk so login state survives restarts, but it does not require any user-facing disclosure or consent about this local retention. That creates privacy and security risk because users may unknowingly leave behind authenticated browser artifacts that can later be accessed by other users, processes, or skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.