Security audit

maple-video2article

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does the advertised video-to-article workflow, but its downloader can automatically overwrite or delete files in the chosen output folder.

Review before installing. Use a fresh empty output folder for each download, avoid pointing it at important media directories, expect dependency and Whisper model downloads, and delete generated transcripts, frames, and downloaded videos after processing sensitive content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 81% confidence
Finding: The code may automatically download model artifacts through faster-whisper when a named model is used, introducing network egress and supply-chain exposure that is not obvious from the local transcription interface. In constrained or sensitive environments, unexpected outbound access and unpinned remote artifacts can violate security assumptions and enable malicious or tampered model delivery.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The trigger conditions are extremely broad, covering nearly any request involving understanding or summarizing a video. Over-broad activation increases the chance the skill is invoked in situations the user did not intend, leading to unnecessary downloads, file creation, or processing of sensitive local media.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill performs potentially risky actions—downloading remote videos, reading web content, and writing local output files—but does not present a clear consolidated risk notice or consent checkpoint. Users may not realize external content will be fetched and stored locally, or that local artifact paths and derived files will be created as part of the workflow.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to reveal local storage paths for downloaded videos, screenshots, subtitle files, and planned outputs back to the user. Exposing internal filesystem locations can leak host structure, usernames, workspace layouts, or other sensitive environment details, which is unnecessary for most user-facing tasks and increases follow-on attack surface.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal