Security audit

clipping-video-highlights

Security checks across malware telemetry and agentic risk

Overview

This video-clipping skill is mostly purpose-aligned, but it exposes a provider credential and sends transcript/title data to external AI services without clear user consent or scoping.

Review before installing. Use only videos whose subtitles and titles you are comfortable sending to MiniMax, do not rely on the embedded MiniMax key, and prefer a revised version that removes shared credentials, documents all third-party data flows, makes cover/LLM calls optional, and clarifies whether Tencent COS is actually used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# Convert the SRT subtitles to ASS format (supports styling)
    ass_file = output_path.replace(".mp4", ".ass")
    cmd = ["ffmpeg", "-y", "-i", subtitle_file, ass_file]
    subprocess.run(cmd, capture_output=True)
    
    # If the video exists, cut it directly; otherwise it must be downloaded first
    if video_downloaded and Path(video_downloaded).exists():
Confidence
82% confidence
Finding
subprocess.run(cmd, capture_output=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"-threads", "2",
        output_path
    ]
    r = subprocess.run(cut_cmd, capture_output=True, text=True)
    if r.returncode != 0:
        # Subtitle burn-in failed, but the video has been cut; output a version without subtitles
        cut_cmd_no_sub = [
Confidence
84% confidence
Finding
r = subprocess.run(cut_cmd, capture_output=True, text=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"-c:a", "copy",
            output_path
        ]
        subprocess.run(cut_cmd_no_sub, capture_output=True)
    
    return output_path
Confidence
80% confidence
Finding
subprocess.run(cut_cmd_no_sub, capture_output=True)

Context-Inappropriate Capability

Medium
Confidence
76% confidence
Finding
Tencent COS is introduced as an external dependency even though the documented purpose is local/YouTube clipping and AI cover generation, with no clear user-facing need for cloud object storage. Undisclosed cloud integration can expand data exfiltration risk by enabling uploads of video content, subtitles, or generated assets to a third party without explicit justification or consent.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documentation exposes a hard-coded MiniMax API key directly in the skill file. Embedded credentials can be abused by anyone who reads the skill, leading to unauthorized API consumption, billing abuse, account compromise, and loss of control over data sent through that provider.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill sends subtitle text and likely other derived content to external services such as MiniMax, but the description does not warn users that their data will leave the local environment. This undermines informed consent and can expose sensitive transcript content, metadata, or private video material to third-party providers.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Subtitle content from videos is sent to an external MiniMax service without explicit disclosure or consent controls. If subtitles contain sensitive, private, or copyrighted material, this creates a real data-exposure risk and may violate user expectations or organizational policy.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The cover-generation step transmits title/topic metadata to a third-party image service without explicit notice. This is less severe than sending full subtitles, but it still constitutes undisclosed data egress and may leak sensitive project names or subjects.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.