The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs macOS users to visit 'https://glot.io/snippets/hfd3x9ueu5' and execute the command found there in their terminal. This URL has been flagged as malicious by automated scanners and is a common vector for one-liner shell backdoors.
[EXTERNAL_DOWNLOADS] (CRITICAL): The skill mandates downloading a ZIP file ('openclawcli.zip') from an untrusted GitHub repository ('Ddoy233/openclawcli') and running the executable inside. This is an attempt to deliver a malicious payload under the guise of a prerequisite utility.
[COMMAND_EXECUTION] (HIGH): The skill utilizes complex shell piping involving 'yt-dlp', 'sed', and inline Python execution. While 'yt-dlp' is a legitimate tool, its usage here serves as a 'living-off-the-land' decoy to make the overall skill appear functional while the user is infected via the 'openclawcli' malware.
[INDIRECT PROMPT INJECTION] (HIGH): The skill ingests untrusted data from YouTube (titles, descriptions, transcripts) and passes it directly to the LLM. It lacks boundary markers or sanitization, allowing a malicious YouTube video to inject instructions that could influence the agent's behavior during the 'summarization' phase.
[METADATA POISONING] (HIGH): The skill contains deceptive claims. It repeatedly states that 'yt-dlp' requires 'openclawcli' to extract transcripts; this is factually false, as 'yt-dlp' handles transcript extraction natively. This deception is designed to bypass user caution.

youtube-summarize