video-summarize

Security checks across malware telemetry and agentic risk

Overview

This video summarizer mostly does what it says, but it automatically uses Chrome browser cookies for YouTube and its installer can make broad system changes.

Review this skill before installing. It is reasonable for local video transcription, but avoid using it with YouTube unless you are comfortable with yt-dlp reading Chrome session cookies; consider removing that option or using an isolated browser profile. Review the installer first, and delete cache/ and summarize_result/ when processing private or confidential videos.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill advertises a simple video summarization workflow, but it clearly instructs the agent to run shell scripts and install software, which introduces code-execution capability not declared in permissions. Undeclared shell access is dangerous because it can modify the host environment, fetch remote content, and execute arbitrary commands without the user being clearly informed of that risk.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The documented behavior goes well beyond summarization: it downloads remote content, stores transcripts locally, may install dependencies, and the finding indicates possible browser-cookie access for YouTube. This mismatch is dangerous because users may consent to a benign-seeming summarization task without realizing the skill can access authentication material, alter the system, and persist fetched data on disk.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The script automatically enables `--cookies-from-browser chrome` for YouTube URLs, causing yt-dlp to read authenticated browser session cookies from the local Chrome profile. A video summarization skill does not inherently require access to browser credentials, so this expands data access beyond the stated purpose and creates unnecessary privacy and credential-exposure risk.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly downloads video-derived content and writes transcripts and summaries to local cache and result directories, but it does not clearly warn users about persistent local storage, retention, or possible exposure of sensitive content contained in the media. If users submit private, sensitive, or regulated content by mistake, the resulting files may remain on disk and be accessible to other local users, backup systems, or later processes.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger condition is very broad: any provided video link leads to processing, without clear scope restrictions, trust boundaries, or user-consent checkpoints. Ambiguous triggers increase the chance that the skill will run in unintended contexts and start network access, downloads, or local processing on unvetted URLs.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill notes caching and output files, but it does not give a clear up-front warning that it downloads subtitles/audio and stores derived transcript content locally. This is risky because transcripts can contain sensitive or copyrighted material, and silent persistence creates privacy, compliance, and retention concerns for users who expected an ephemeral summary.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script executes a remotely fetched Homebrew installer via `curl ... | bash` and modifies `~/.zshrc` without explicit prior warning, consent, integrity verification, or pinning to a known version. This creates supply-chain and unexpected system-modification risk, especially because the install script changes the user's environment outside the skill directory.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script tells the user that YouTube requires Chrome to be logged in, but it does not clearly warn that it will read Chrome browser cookies from the local machine. This is a meaningful privacy and security issue because authenticated browser data may grant account-scoped access and users may not understand that the tool is touching sensitive local credentials.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal