Back to skill

Security audit

Ascii Video

Security checks across malware telemetry and agentic risk

Overview

This is a local ASCII media conversion skill with some rough CI/test helper code, but I did not find evidence of hidden data access, exfiltration, persistence, or destructive behavior.

Install only if you are comfortable running a local Python media tool that calls ffmpeg and reads/writes media files you choose. Avoid running the bundled CI verifier on untrusted folders unless it is sandboxed, and prefer reviewing or pinning the downloaded script source before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def has_self_test(fp):
    r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)
    return r.returncode == 0 and "PASS" in r.stdout
Confidence
98% confidence
Finding
r = subprocess.run([sys.executable, fp, "self-test"], capture_output=True, text=True, timeout=30)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
tests = [os.path.join(folder, f) for f in os.listdir(folder)
                 if (f.startswith("test_") or f.endswith("_test.py")) and f.endswith(".py")]
        if tests:
            st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True,
                                      timeout=30).returncode == 0 for t in tests)
            st_note = f"{len(tests)} test_*.py"
        elif re.search(r"(?im)^test\s*:", skill_txt):
Confidence
98% confidence
Finding
st_ok = all(subprocess.run([sys.executable, t], capture_output=True, text=True, timeout=30).returncode == 0 for t in tests)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises itself as a simple media conversion utility, but the documentation instructs users to download and run a Python script directly and the detected capabilities include shell, file read, and file write with no declared permissions boundary. In an agent ecosystem, undeclared execution and filesystem access increase risk because operators and other tools cannot accurately assess what the skill is allowed to do, creating room for over-privileged or surprising behavior.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documentation overstates and misstates behavior, claiming multiple dithering modes and a bounded purpose while the analyzed behavior also includes image conversion, frame extraction, and verification utilities, and apparently lacks the claimed dithering support. In security-sensitive agent environments, description-behavior mismatch is dangerous because users may grant trust or invoke the skill under false assumptions, masking capabilities that touch local files or execute commands.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.