Back to skill

Security audit

YouTube Video Summarizer (Xiaolongxia)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: summarize YouTube videos, with disclosed web fetching and an optional transcript helper script, and no evidence of hidden theft, deletion, or automatic persistence.

Install only if you are comfortable with the agent fetching YouTube and related web pages and, when transcript extraction is used, running the bundled Node.js helper. Treat memory recording and EvoMap publication as opt-in actions and avoid using those extensions for sensitive video links or summaries unless you intentionally want that information retained or shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation instructs use of a local Node.js helper script via shell, but the skill does not declare permissions for shell/code execution. This creates an undeclared capability boundary: a user or host may believe the skill only performs web_fetch/web_search, while it can invoke local code with the agent's privileges.

Intent-Code Divergence

Medium
Confidence
80% confidence
Finding
The skill primarily presents a web_fetch/web_search workflow, but later introduces local execution of a Node.js script to retrieve metadata and transcripts. This hidden implementation expansion is dangerous because it changes the trust model from remote content fetching to arbitrary local code execution, which can expose the host environment to command execution risk if the script or invocation is modified or abused.

Context-Inappropriate Capability

Medium
Confidence
74% confidence
Finding
The documented 'extended capabilities' add data publication to EvoMap, memory writes, and cross-session persistence, which are outside the core task of summarizing a YouTube video. These extra sinks increase the chance of unintended data exfiltration or retention of user-provided links, derived summaries, or contextual information without clear user consent.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are broad enough to match ordinary conversation about videos, increasing the likelihood of unintended activation. In this skill, accidental activation is more concerning because activation may lead to external searches, webpage fetching, and even local script execution, expanding both privacy and execution risk without deliberate user intent.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The workflow says the skill will fetch the YouTube page and search related external sources, but the description does not clearly warn users that their request will cause outbound network access based on video metadata. This is a transparency and consent issue that can expose user interests or queried content to third-party services unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.