Jianying AI Text-to-Video_Unlimited

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Jianying desktop automation skill, but it needs review because it can control the desktop, overwrite clipboard/text, save screenshots, and install a dependency.

Install only if you are comfortable letting this skill operate your Windows desktop while Jianying is open. Keep the target app focused, do not use the computer during automation, expect your clipboard and text fields to be overwritten, review any saved screenshots/temp files, and require explicit approval before dependency installation or skill-file self-modification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (19)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# Set the clipboard using PowerShell
print('设置剪贴板内容...')
ps_cmd = f'Get-Content -Path "{tmp_path}" -Encoding UTF8 -Raw | Set-Clipboard'
result = subprocess.run(['powershell', '-Command', ps_cmd], capture_output=True, text=True)
if result.returncode != 0:
    print(f'PowerShell错误: {result.stderr}')
Confidence
89% confidence
Finding
result = subprocess.run(['powershell', '-Command', ps_cmd], capture_output=True, text=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return pyautogui
    except ImportError:
        print("正在安装 pyautogui...")
        subprocess.check_call([sys.executable, "-m", "pip", "install", "pyautogui", "-q"])
        import pyautogui
        return pyautogui
Confidence
95% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "pyautogui", "-q"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
f.write(script_text)

ps_cmd = f'Get-Content -Path "{tmp_path}" -Encoding UTF8 -Raw | Set-Clipboard'
result = subprocess.run(['powershell', '-Command', ps_cmd], capture_output=True, text=True, encoding='utf-8', errors='replace')
print(f"Clipboard set: return code {result.returncode}")
if result.stderr:
    print(f"Stderr: {result.stderr[:200]}")
Confidence
83% confidence
Finding
result = subprocess.run(['powershell', '-Command', ps_cmd], capture_output=True, text=True, encoding='utf-8', errors='replace')

subprocess module call

Medium
Category
Dangerous Code Execution
Content
tmp = os.path.join(skill_dir, 'temp_script.txt')
with open(tmp, 'w', encoding='utf-8') as f:
    f.write(script_text)
subprocess.run(['powershell', '-Command', f'Get-Content -Path "{tmp}" -Encoding UTF8 -Raw | Set-Clipboard'], capture_output=True)
time.sleep(0.5)
pyautogui.hotkey('ctrl', 'v')
time.sleep(3)
Confidence
91% confidence
Finding
subprocess.run(['powershell', '-Command', f'Get-Content -Path "{tmp}" -Encoding UTF8 -Raw | Set-Clipboard'], capture_output=True)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script performs broad desktop automation with absolute-coordinate clicking, window activation, keystroke injection, clipboard writes, and screenshot capture. These capabilities are inherently dangerous because if the wrong window is focused or coordinates drift, the automation can modify unintended applications, expose sensitive clipboard contents, or capture sensitive on-screen data.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill performs broad GUI automation, window activation, clipboard manipulation, and PowerShell execution across the desktop without any runtime consent, confinement, or verification that the correct target window is active. In this context, a misfocused window or manipulated coordinates could cause text injection into the wrong application and unintended disclosure of user content.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script performs blind GUI automation that clicks a hard-coded screen location, selects all content, deletes it, and pastes replacement text without verifying the active window or requesting user confirmation. This can destroy user data in the wrong application or field if focus changes, coordinates differ, or the script is run in an unexpected desktop state.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script clicks a fixed screen coordinate, selects all existing text, deletes it, and pastes replacement content without any confirmation, target validation, or dry-run mode. This can destroy user data in the wrong window or application if focus changes, and the danger is elevated because GUI automation is inherently brittle and context-sensitive.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script places the contents of script.txt onto the system clipboard via PowerShell without clear consent or warning. Clipboard contents are globally accessible to the user session and may expose sensitive data or overwrite something important the user had copied; in an agent skill context, undisclosed exfiltration to shared OS state is a meaningful privacy risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Automatically installing pyautogui via pip without a user-facing warning or consent is risky because package installation executes code from outside the script's own codebase and may modify the host environment. In a local automation skill, this is especially sensitive because the script already assumes control of the user's desktop, so silent environment changes increase the blast radius.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The automation sends Ctrl+A and Delete to the currently focused field, which can erase existing user content if focus is wrong or the UI state differs from expectations. Because this is GUI automation driven by saved screen coordinates, misalignment or race conditions can cause destructive actions in the wrong application or wrong field.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script writes the full loaded text to a temporary plaintext file and then deletes it, which creates an unnecessary exposure window for potentially sensitive content. If the process crashes, deletion fails, or another local process monitors the directory, the text may be recovered or read without the user's awareness.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script copies the entire loaded text into the system clipboard without explicit user notice or consent. Clipboard contents are globally accessible to many local applications and may persist long enough to be read, logged, synced, or accidentally pasted elsewhere.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The automation selects all text in the target input and deletes it without confirming with the user or verifying the correct field is focused. In a GUI-automation skill, misfocus or coordinate drift can cause unintended data loss in the wrong application or wrong control.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script force-selects all text in the target input, deletes it, pastes new content, and writes temporary/output files without any confirmation step. In a desktop-automation context this is risky because a focus error can overwrite unrelated user data or leave sensitive script content and screenshots on disk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script copies the full script text to the system clipboard via PowerShell without warning the user. Clipboard manipulation is security-sensitive because it can disclose or replace the user's clipboard data, and other applications or sessions may observe or later paste the injected content unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code writes the full user script text to a plaintext temporary file on disk before transferring it, creating an avoidable persistence point for potentially sensitive content. If deletion fails or the file is accessed by backups, indexing, or other local software, user data may be exposed beyond the intended workflow.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Copying user content to the system clipboard exposes that content to other local applications, clipboard history, cloud clipboard sync, and accidental user pastes. Because this happens automatically and without warning, the privacy risk is real even if the immediate goal is benign automation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script captures and saves a screenshot of the current screen state without prior notice or consent. Screenshots can include unrelated windows, notifications, personal data, or credentials visible on screen, making this a privacy-sensitive action in desktop automation.

VirusTotal

67/67 vendors flagged this skill as clean.
