Back to skill

Security audit

Multi-Platform Video Downloader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real video downloader, but it can automate browser-backed downloads using cookies or logged-in session context without enough containment or consent controls.

Review before installing. Use it only for content you are allowed to download, prefer an isolated environment or dedicated browser profile, avoid running it against personal logged-in browser sessions, and verify the yt-dlp and DrissionPage dependencies before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises and operationalizes network access, file writes, and shell-based execution paths (Docker/python commands) but does not declare permissions. That creates a transparency and governance gap: users or orchestrators may invoke a capability-rich skill without understanding it can access third-party sites, write downloaded content and metadata to disk, and launch tooling that performs those actions. In this context, the risk is elevated because the purpose of the skill is to fetch untrusted remote content from arbitrary URLs across many platforms.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The invocation description is broad enough to match many generic 'download video' requests, which can cause the skill to trigger in situations the user did not intend. Over-broad routing is risky here because the skill can perform network requests, browser automation, and local file writes against arbitrary user-supplied URLs, increasing the chance of unsafe or privacy-impacting execution from ambiguous prompts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill mentions cookie support and browser mode, but it does not clearly warn that search and browser automation may use an existing browser session's cookies and make authenticated requests to third-party platforms. This matters because users may unknowingly expose account context, personalized results, or authenticated content access when the automation runs against sites like Douyin or others.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.