Security audit

AI视频剪辑Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local video-editing automation skill with normal media-processing risks, not evidence of hidden theft, persistence, or destructive behavior.

Install only if you are comfortable running local Python and FFmpeg tools on selected media folders. Use a virtual environment, choose a dedicated output directory, avoid pointing it at sensitive or cloud-synced folders unless intended, keep backups of important media, and review generated outputs before sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (20)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill instructs the agent to read user-specified directories, write output files to preset locations, and invoke shell commands, yet it declares no permissions. That creates a capability/consent mismatch: users and the host system are not clearly informed that broad filesystem and command execution actions may occur, increasing the risk of unintended file access, overwrites, or execution of unsafe command arguments.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The README explicitly promotes fully automated import, processing, and export of user video material with 'no human intervention' but does not warn about destructive or high-impact behaviors such as bulk processing, overwriting outputs, heavy resource use, privacy exposure of media contents, or unexpected handling of large directories. In the context of an agent skill that may be invoked from natural-language requests, this increases the risk that users trigger broad file operations without understanding scope or consequences.

Vague Triggers

Severity: High
Confidence: 91%
Finding: The trigger scope is very broad ('任何涉及视频剪辑、素材处理、自动成片生成的需求', i.e. any request involving video editing, footage processing, or automatic video generation), so the skill may activate for ordinary or ambiguous requests and then proceed into automated file processing. Overbroad activation increases the chance of the agent performing high-impact local actions without sufficiently specific user intent or informed consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The workflow states that outputs are automatically stored to preset paths, including cloud-synced locations, but does not prominently warn users beforehand. This can cause unintended file creation, overwriting, or leakage of generated media into synchronized folders, which is especially risky for sensitive or copyrighted content.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill performs content analysis and speech-to-text on user media but does not provide a clear privacy warning or consent step. Media files can contain sensitive audio, faces, text, and metadata, so silent analysis/transcription may expose private information and create compliance issues.

Natural-Language Policy Violations

Severity: Medium
Confidence: 86%
Finding: The default configuration hard-codes the subtitle language to zh-CN without explicit user choice. While not a severe security flaw on its own, forcing locale-specific output can lead to incorrect transcription handling, privacy surprises, and unexpected processing of speech in a way the user did not request.

Missing User Warnings

Severity: Medium
Confidence: 75%
Finding: The exporter automatically deletes files in the source directory based on a weak suffix-matching rule, without explicit user confirmation or a dedicated temp workspace. If pointed at a directory containing similarly named legitimate files, the cleanup routine can remove user data unexpectedly, causing integrity and availability loss.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The pipeline deletes all files in the intermediate directory automatically when auto_cleanup is enabled, without an explicit confirmation prompt, a retention option surfaced to the user, or safeguards against accidental data loss. In a media-processing skill, intermediate files may contain valuable edits, generated subtitles, or recoverable work product, so silent cleanup can destroy artifacts users expected to keep.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    # AI video editing dependencies

    # Core dependencies
    Pillow>=9.0.0
    numpy>=1.20.0

    # Video processing
Confidence: 91%
Finding: Pillow>=9.0.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    # Core dependencies
    Pillow>=9.0.0
    numpy>=1.20.0

    # Video processing
    moviepy>=1.0.3
Confidence: 89%
Finding: numpy>=1.20.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    numpy>=1.20.0

    # Video processing
    moviepy>=1.0.3

    # Speech recognition (optional, for subtitle generation)
    # whisper>=20231117
Confidence: 90%
Finding: moviepy>=1.0.3

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    # Speech recognition (optional, for subtitle generation)
    # whisper>=20231117
    openai-whisper>=20231117

    # Audio processing
    pydub>=0.25.1
Confidence: 92%
Finding: openai-whisper>=20231117

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    openai-whisper>=20231117

    # Audio processing
    pydub>=0.25.1
    librosa>=0.9.0

    # Utilities
Confidence: 87%
Finding: pydub>=0.25.1

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    # Audio processing
    pydub>=0.25.1
    librosa>=0.9.0

    # Utilities
    tqdm>=4.60.0
Confidence: 88%
Finding: librosa>=0.9.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    librosa>=0.9.0

    # Utilities
    tqdm>=4.60.0
    pyyaml>=6.0
Confidence: 92%
Finding: tqdm>=4.60.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
    # Utilities
    tqdm>=4.60.0
    pyyaml>=6.0
Confidence: 94%
Finding: pyyaml>=6.0

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 97%
Finding: Pillow

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 84%
Finding: numpy

Known Vulnerable Dependency: tqdm — 3 advisory(ies): CVE-2024-34062 (tqdm CLI arguments injection attack); CVE-2016-10075 (TDQM Arbitrary Code Execution); CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to e)

Severity: High
Category: Supply Chain
Confidence: 90%
Finding: tqdm

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Severity: Critical
Category: Supply Chain
Confidence: 98%
Finding: pyyaml

VirusTotal

67/67 vendors flagged this skill as clean.