Back to skill

Security audit

AI Video Clip Assistant

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real local AI video-editing skill, but it needs review because it runs FFmpeg over broad user-controlled paths and has under-scoped handling of external models, tokens, and generated edit files.

Install only if you are comfortable running local media-processing scripts on files you choose. Use a dedicated project folder, avoid untrusted media or unusual filenames, review any LLM-generated EDL before rendering, and do not enable diarization unless you understand the Hugging Face token/model dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documents substantial operational capabilities including shell execution, reading user-provided files, writing outputs, and likely access to environment-backed tools, but it does not declare permissions. This creates a transparency and control gap: users or the hosting platform may not realize the skill can execute local commands over arbitrary media paths, increasing the risk of unintended file access, destructive writes, or unsafe command construction in downstream scripts.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
When diarization is enabled, the script authenticates to Hugging Face and may trigger network access without a clear user-facing warning that an external service/model hub will be contacted. In a media-processing skill that may handle sensitive audio, this reduces transparency around external dependencies and could violate user expectations or data-handling policies.

Unvalidated Output Injection

High
Category
Output Handling
Content
"-c:a", "aac",
        output
    ]
    result = subprocess.run(cmd, capture_output=True, text=True)
    if result.returncode != 0 and "Unable to parse option" in result.stderr:
        # fallback: 简化滤镜
        cmd = [
Confidence
79% confidence
Finding
subprocess.run(cmd, capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
"-c:a", "aac",
            output
        ]
        result = subprocess.run(cmd, capture_output=True, text=True)
    return result.returncode == 0

if __name__ == "__main__":
Confidence
80% confidence
Finding
subprocess.run(cmd, capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
def _run_ffmpeg(cmd: list, description: str = "") -> bool:
    """执行 FFmpeg 命令。"""
    result = subprocess.run(cmd, capture_output=True, text=True)
    if result.returncode != 0:
        print(f"  错误 [{description}]: {result.stderr[:300]}", file=sys.stderr)
        return False
Confidence
80% confidence
Finding
subprocess.run(cmd, capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
"""获取视频基本信息。"""
    cmd = ["ffprobe", "-v", "quiet", "-print_format", "json",
           "-show_format", "-show_streams", path]
    result = subprocess.run(cmd, capture_output=True, text=True)
    if result.returncode != 0:
        return {}
    try:
Confidence
77% confidence
Finding
subprocess.run(cmd, capture_output

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.