Jianying Auto Editor

The skill scans a local directory for media files and exfiltrates metadata, including absolute file paths, sizes, and timestamps, to a remote API (example endpoint: http://43.137.46.105:8787). While this behavior is documented in scripts/index.js and SKILL.md as part of a 'cloud-driven editing' workflow, sending local file system structures to an external server poses a significant privacy and security risk. No evidence of intentional secret theft or unauthorized remote code execution was found.