Is bill492/video-understanding safe?

https://github.com/openclaw/skills/tree/main/skills/bill492/video-understanding

76
CAUTION

This video understanding skill carries a significant data exfiltration risk because it does not validate URLs. An attacker could use file:// URLs to access local files (credentials, SSH keys, etc.), which would then be uploaded to Google's Gemini API. The skill itself doesn't contain explicit malicious code, but its core functionality of downloading arbitrary URLs creates a dangerous attack surface.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 55/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (3)

HIGH file:// URLs enable local file access -30

The skill accepts arbitrary URLs and passes them to yt-dlp without validation. yt-dlp supports file:// URLs, allowing an attacker to read local files (e.g., file:///etc/passwd, file://$HOME/.ssh/id_rsa) and upload them to the Gemini API.

MEDIUM User-provided URLs uploaded to external Gemini API -15

All downloaded videos (or accessed files) are uploaded to Google's Gemini API for analysis. This is core functionality, but it creates a data exfiltration risk when combined with file:// URL access.

MEDIUM No URL scheme validation -10

The script accepts any URL without validating the scheme. While HTTP/HTTPS are intended, file://, ftp://, or other protocols are not blocked.