simple-video-downloader

This skill is coherent with its stated purpose: it constructs and runs yt-dlp commands to download videos and extract audio. It does not itself contain obfuscated code, embedded executables, or instructions to run remote code directly from the skill. However, it relies on the user installing and running a third-party tool (yt-dlp) and recommends using browser cookies for access to protected content. Those factors create a moderate supply-chain and credential exposure risk: a compromised yt-dlp binary or careless cookie handling could lead to credential theft or arbitrary code execution. Overall there is no direct evidence the skill contains malware, but its dependency and cookie usage warrant cautious handling (verify yt-dlp binaries, avoid sharing cookies, and prefer official distribution channels).