Security audit

视频字幕自动生成器——免费的才是最好的

Security checks across malware telemetry and agentic risk

Overview

This is a local video subtitle tool whose risks are mainly ordinary media-processing, privacy, and reliability issues rather than hidden or malicious behavior.

Use this in a private working directory, process only recordings you are allowed to transcribe, and review/delete generated audio, transcript, subtitle, and video files when done. Install faster-whisper if you need real transcription, verify the output before publishing, and avoid untrusted subtitle style files or unusual filenames until FFmpeg filter escaping is hardened.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (9)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: ] try: result = subprocess.run(cmd, capture_output=True, text=True, timeout=600, encoding='utf-8') if result.returncode == 0: file_size = Path(output_path).stat().st_size / 1024 / 1024 print(f" ✅ 视频已生成：{output_path} ({file_size:.2f} MB)")
Confidence: 79% confidence
Finding: result = subprocess.run(cmd, capture_output=True, text=True, timeout=600, encoding='utf-8')

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: If Whisper is unavailable, the tool silently generates fabricated transcript content that looks like legitimate speech recognition output. In a workflow that users may trust for subtitles, summaries, or downstream decisions, this can cause integrity failures, misinformation, or accidental publication of false content without clear warning.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill processes spoken audio into transcripts and subtitles, which can expose sensitive personal, corporate, or meeting information if users do not realize speech content is being extracted and persisted as text. In a video-processing workflow, this omission is more significant because transcription materially changes the sensitivity and searchability of the data and may create compliance or privacy issues.

Missing User Warnings

Low

Confidence: 80% confidence
Finding: The README lists output files but does not clearly warn users up front that the tool writes multiple derived artifacts, including extracted audio, transcripts, subtitles, metadata, and a rendered video, to disk. This can lead to unintended data persistence, disk exposure, or accidental sharing of sensitive content, especially on shared systems or synced folders.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill description presents automated transcription, subtitle generation, and derivative video creation as normal behavior but does not warn that it will create and store transcripts, subtitle files, and modified media outputs. This can expose sensitive spoken content, personal data, or confidential media in local output folders or downstream systems without informed user consent.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The installation/dependency section references speech recognition and optional external tools such as Whisper, Google/Azure engines, yt-dlp, and other media tooling without warning that video/audio content may be processed by third-party software or services. In practice, users may route sensitive media through cloud-backed or externally integrated tools without understanding the privacy, retention, or compliance implications.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The markdown provides copy-pastable destructive PowerShell commands (`Remove-Item ... -Force` and recursive directory deletion) that permanently delete files and folders without any explicit warning, confirmation step, or backup guidance. In a skill-packaging guide, users may execute these commands directly, and if paths or filenames are wrong or adapted unsafely, this can cause unintended data loss on the local system.

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The document instructs users to regenerate subtitles and reburn the video, but it does not warn that output paths may overwrite prior generated files or replace existing media artifacts. In a media-processing skill this is not code execution, but it can still cause unintended data loss or confusion if users reuse output directories or filenames.

Unvalidated Output Injection

High

Category: Output Handling
Content: ] try: result = subprocess.run( cmd, capture_output=True, timeout=600
Confidence: 72% confidence
Finding: subprocess.run( cmd, capture_output

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal