Security audit

video-overlay-cleanup-agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent video-cleanup skill with local FFmpeg workflows and an explicit Gemini mode that uploads selected frames and masks when used.

Install if you are comfortable with local video file processing and, when using Gemini mode, uploading selected video frames and masks to Google Gemini. Prefer the local removelogo path for sensitive recordings, use trusted custom editor commands only, and choose output/work directories carefully because intermediate files may be overwritten or cleaned up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
usage_output=str(usage_path) if usage_path else "",
        )
        try:
            subprocess.run(shlex.split(command), check=True)
        except subprocess.CalledProcessError as exc:
            raise SystemExit(
                f"Frame editor failed on frame {frame.name} with exit code {exc.returncode}: {command}"
Confidence
93% confidence
Finding
subprocess.run(shlex.split(command), check=True)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script sends local image frames and masks to the external Gemini API for processing, which creates a real data-exfiltration/privacy boundary not evident from a skill framed mainly as local video-overlay cleanup. If users process sensitive recordings, screen contents may leave the local environment and be exposed to third-party retention, logging, or policy risks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs users to send video frames to Gemini for masked repair but does not clearly warn that frames may be transmitted to a third-party provider and may contain sensitive visual data. Users cleaning screen recordings are especially likely to expose notifications, status bars, messages, account details, or other personal/business information unintentionally.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly states that original frames and masks are sent to Gemini, but it does not warn users that this may transmit potentially sensitive visual data to a third-party service. In a video-cleanup skill, frames can contain personal information, confidential screens, notifications, or watermarks, so omission of a privacy/data-transmission warning can lead to unintended disclosure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script invokes ffmpeg with the `-y` flag, which forces overwriting output files without prompting. In this skill, the output directory and filename pattern are user-controlled, so running the script against an existing frame directory can silently destroy prior extracted frames or unrelated matching files, causing data loss and making recovery difficult.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code uploads image data to an external service without any explicit user-facing disclosure or consent mechanism in the script. For a tool likely to process screen recordings, this is dangerous because captured frames can contain passwords, chats, account data, or other sensitive visual information that users may assume remains local.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.