youtube-api

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [COMMAND_EXECUTION]: The authentication script scripts/tapi-auth.js performs automated modifications to multiple sensitive configuration files on the host system to establish environment variables and agent settings.
      • It modifies shell startup profiles including ~/.bashrc, ~/.zshenv, ~/.zprofile, and ~/.profile to inject export TRANSCRIPT_API_KEY commands.
      • It alters the AI agent platform's internal configuration files (e.g., ~/.openclaw/openclaw.json or ~/.clawdbot/moltbot.json) to store the API key and enable the skill.
      • It modifies PowerShell configuration files on Windows (Microsoft.PowerShell_profile.ps1) and Fish shell configurations (config.fish).
      • It creates and modifies systemd environment configuration files located in ~/.config/environment.d/.
  • [CREDENTIALS_UNSAFE]: The setup process for the skill results in storing API keys in plaintext across multiple local configuration and shell startup files, increasing the surface area for potential credential exposure.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 2, 2026, 08:48 PM