openclaw-youtube
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): Indirect Prompt Injection Surface. The skill ingests untrusted YouTube metadata (video titles, descriptions, and channel names) which could contain malicious instructions designed to influence the agent's behavior during analysis. • Ingestion points: YouTube SERP results via
api.aisa.one. • Boundary markers: No explicit delimiters or instructions to ignore embedded content are present in the documentation. • Capability inventory: The skill executes a local Python script and returns data for agent reasoning. • Sanitization: No evidence of sanitization or filtering for the external content. - [DATA_EXFILTRATION] (LOW): External Network Communication. The skill communicates with
api.aisa.one. While necessary for the skill's purpose, this is a non-whitelisted third-party domain, and the integrity of the data handled by this endpoint is not verified. - [COMMAND_EXECUTION] (MEDIUM): Unverifiable Local Execution. The documentation repeatedly references
scripts/youtube_client.py. Because the source code for this script is not included in the skill package for analysis, its internal operations (such as potential use ofos.systemorsubprocess) cannot be verified for safety.
Audit Metadata