critical

youtube-data-mcp-server

v1.0.16

YouTube MCP Server Implementation

npmplayer_heroFirst seen Feb 22, 2026Source

Total

Critical

High

Medium

Findings

unknown

criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    11: }
    12: // Default subtitle language setting
>>> 13: const defaultTranscriptLang = process.env.YOUTUBE_TRANSCRIPT_LANG || 'ko';
    14: async function main() {
    15:     const videoManager = new VideoManagement();

Report false positive

criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    8:         this.youtube = google.youtube({
    9:             version: 'v3',
>>> 10:             auth: process.env.YOUTUBE_API_KEY
    11:         });
    12:     }

Report false positive

criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    58:             const transcript = await getSubtitles({
    59:                 videoID: videoId,
>>> 60:                 lang: lang || process.env.YOUTUBE_TRANSCRIPT_LANG || 'en'
    61:             });
    62:             return transcript;

Report false positive

criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    6: import { z } from "zod";
    7: // Environment variable validation
>>> 8: if (!process.env.YOUTUBE_API_KEY) {
    9:     console.error('Error: YOUTUBE_API_KEY environment variable is not set.');
    10:     process.exit(1);

Report false positive

highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: J�b�'��ӭ�즊�