YouTube Automation

SUSPICIOUS. The skill’s stated purpose is plausible, but its core dependency is an ambiguously sourced external MCP server that is not pinned or verifiably same-org. Because that server appears to receive YouTube API/OAuth credentials and can perform public publishing actions, the skill has high security risk even without direct evidence of confirmed malware.