Indeed. Also, I am concerned about self-hosting enthusiasts that install docker (without the advance rootless mode) and blindly run containers. Sometimes these containers are even made by third parties, independent of the app developers. Unfortunately, the supply chain there is up for grabs…
One could also think that whoever packaged this was hurried while filling a form, and wanted to provide credit where it was due. So, maybe they were on the best of their intents… We don’t know.
If I were to use this, I would check other apps from same uploader. Or better, see what permissions are being ask.
In any case, trusting blindly github contributors on teamnewpipe organization is not extremely different.
Trust and credibility are volatile and freely given. It’s youtube, not my bank account ;p