DaVinci Auto Editor

Security checks across malware telemetry and agentic risk

Overview

The skill’s video-editing workflow is mostly coherent, but it needs review because it sends credentials and local media metadata to a configurable cloud service and lets the cloud task ID influence local write paths.

Only run this skill with a cloud API you control or strongly trust, preferably over HTTPS. Do not use the sample raw IP with real credentials. Use a limited/revocable API key, choose a narrow material_path, do not run with elevated privileges, and consider patching the taskId/output-path handling before use.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A malicious or compromised cloud API could cause the skill to write its fixed output files outside the intended _davinci_auto_editor folder, limited by the user's filesystem permissions.

Why it was flagged

The task ID comes from the cloud API response and is used directly as a local path segment for output files; the visible code does not sanitize path separators or '..' traversal.

Skill content
const taskId = task.id; ... const outputDir = resolveOutputDir(config.material_path, taskId); ... return path.join(path.dirname(materialRoot), '_davinci_auto_editor', taskId);
Recommendation

Sanitize taskId to a safe filename token, reject path separators and '..', and verify the resolved output directory remains inside the intended parent folder before writing.

ASI03: Identity and Privilege Abuse
High
What this means

If a user copies the example endpoint or uses an untrusted/non-HTTPS API service, their API key could be exposed or sent to the wrong service.

Why it was flagged

The script sends the configured API key as a bearer token to whatever api_base_url is configured; the provided example uses plaintext HTTP to a raw IP address, and the registry metadata says there is no primary credential.

Skill content
'authorization': `Bearer ${this.apiKey}`
Recommendation

Use only a trusted HTTPS API base URL, avoid the sample raw IP for real keys, use least-privileged/revocable API keys, and update metadata to declare the required credential.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

Users may unintentionally send project details and credentials to an unverified plaintext endpoint.

Why it was flagged

The sample configuration points users at an unauthenticated-looking raw IP over HTTP, creating a provenance and transport-security gap for a cloud service that receives credentials and local media metadata.

Skill content
"api_base_url": "http://43.137.46.105:8787"
Recommendation

Replace the example with a documented HTTPS domain, explain who operates the cloud API, and add validation or warnings for non-HTTPS endpoints.

ASI07: Insecure Inter-Agent Communication
Low
What this means

The cloud service can learn filenames, full local paths, file sizes, and modification times for supported media files under the configured material folder.

Why it was flagged

The skill recursively builds a media index containing local absolute paths and posts it to the cloud API; this is aligned with the cloud editing purpose but exposes local project metadata.

Skill content
absolutePath: fullPath, ... relativePath: path.relative(rootDir, fullPath) ... await api.post(`/v1/tasks/${encodeURIComponent(taskId)}/material-index`, { materials, summary: buildMaterialSummary(materials) });
Recommendation

Point material_path only at the intended project folder, avoid private unrelated media, and prefer sending relative paths or redacted paths unless absolute paths are truly needed.