use-youtube-data-mcp
Fail
Audited by Snyk on Mar 8, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill asks the user for an API key (if not in env) and instructs writing it into MCP config / an Authorization: Bearer <API_KEY> header, which requires the agent to include the secret verbatim in generated config/commands (high exfiltration risk).
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The set includes an untrusted, oddly named third-party domain (mkterswingman.com) that is used to collect API keys and act as an MCP endpoint, plus instructions to run a local installer that will fetch and execute code from arbitrary GitHub paths (including a numeric/unknown repo owner). Either could exfiltrate credentials or install malicious code, so the workflow is high risk even though the links themselves point to GitHub.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill explicitly instructs overwriting/adding MCP configs across multiple client paths to register an external server (https://mkterswingman.com/mcp) using the user's API key, combined with self-update/install-from-GitHub behavior — a clear pattern for credential harvesting, persistent remote access/backdoor registration, and supply-chain updates, which is malicious.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to self-update from GitHub and install helper skills from external GitHub URLs (Step 1 and Step 4) and to query/interpret MCP responses and patch notes from https://mkterswingman.com/mcp via tools/list and get_patch_notes (Steps 3 and 5), meaning it fetches and executes untrusted third-party content that can change behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill runs installer commands at runtime that fetch and install/execute remote code from GitHub (e.g., python3 ...install-skill-from-github.py --repo 17854120992/mcp_youtube_data and installer --repo openai/skills and --url https://github.com/anthropics/skills/...), which clearly pulls and executes external code during runtime.
Audit Metadata