Security audit

Maxhub Youtube

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed read-only YouTube data skill that sends requests to MaxHub, with some media-access and broad-trigger caveats users should understand.

Install only if you are comfortable sending YouTube IDs, URLs, search terms, and your MaxHub API key to https://www.aconfig.cn. Treat stream and signed URL features as media-access features, not simple metadata, and use them only for authorized content; avoid providing production cookies or session credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium (83% confidence)
The skill is labeled read-only, but it explicitly advertises retrieval of playback streams and signed playback URLs that can enable direct media access beyond simple metadata analysis. This creates a capability mismatch that may mislead an agent or operator into treating the skill as low-risk while it can facilitate downloading or redistribution workflows, with legal/compliance and policy-bypass implications.

Vague Triggers

Medium (92% confidence)
The trigger list includes short, generic phrases such as “趋势”, “Shorts”, and “看看这个频道”, and the file instructs the agent to auto-select the longest matching trigger and chain downstream recipes without re-confirmation. That combination can cause unintended invocation of adjacent capabilities, including stream/download-related recipes, when user intent is ambiguous or only partially overlaps a trigger.

Vague Triggers

Medium (83% confidence)
The trigger phrase for this recipe is broad enough that ordinary user requests about comments or replies could invoke the skill unintentionally. In an agent environment, over-broad routing can cause data access or external API calls the user did not clearly request, which is a real prompt-selection weakness even though this particular skill is read-oriented.

Vague Triggers

Medium (89% confidence)
The trigger phrases "搜索视频", "找视频", and "搜YouTube" are broad, high-frequency user intents that can match many ordinary requests without additional scoping or confirmation. In an agent environment, this increases the chance of unintended skill invocation and silent external API calls to the configured third-party endpoint, which can expose user queries and produce unexpected behavior.

Vague Triggers

Medium (92% confidence)
The channel-search triggers "搜索频道" and "找频道" are even more generic and lack platform or domain qualifiers, so they may activate for unrelated channel concepts or ordinary conversational requests. Because this skill sends requests to an external service, overbroad matching can cause unintended data egress and unreliable agent behavior through accidental tool use.

Vague Triggers

Medium (87% confidence)
The trigger phrase set for the caption recipe includes very broad terms such as '字幕', which can match ambiguous user requests that do not clearly ask for YouTube caption retrieval. In an agent setting, overly broad routing can cause unintended tool invocation, surprising data access, or the wrong workflow being executed without sufficient user confirmation.

Vague Triggers

Medium (84% confidence)
The related-videos recipe is triggered by generic phrases like '推荐', which are highly ambiguous and may capture ordinary recommendation requests unrelated to this skill. This increases the risk of incorrect action selection and unintended external API calls to the configured service.

Vague Triggers

Medium (85% confidence)
The trending recipe includes broad triggers like '趋势' and '热门视频', which can overlap with many general information-seeking requests. In an agent environment, this can misroute user intent into an external-content retrieval flow, leading to unintended API usage and reduced user control over tool execution.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.