Audio Video To Text

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward local transcription skill, with privacy and temporary-file cautions but no evidence of hidden access or data theft.

Install dependencies from trusted sources, avoid running the script with elevated privileges, and do not process confidential or unauthorized recordings unless you are comfortable with local transcript files and temporary extracted audio being created. Avoid concurrent video transcriptions because they share the same temporary filename.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: def extract_audio(input_file, temp_audio="/tmp/audio_extract.wav"): """从视频文件中提取音频""" try: subprocess.run([ "ffmpeg", "-i", input_file, "-vn", "-acodec", "pcm_s16le", "-ar", "16000", "-ac", "1",
Confidence: 85% confidence
Finding: subprocess.run([ "ffmpeg", "-i", input_file, "-vn", "-acodec", "pcm_s16le", "-ar", "16000", "-ac", "1", "-y", temp_audio ], check=True,

Missing User Warnings

Low

Confidence: 83% confidence
Finding: This skill processes audio/video that may contain sensitive personal, confidential, or regulated information, yet the description provides no warning about privacy or consent risks. In practice, users may transcribe meetings, interviews, or recordings without considering legal restrictions, data retention, or exposure of sensitive content in output files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal