Back to skill

Security audit

Video to Skill Extractor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it tells an agent to use browser login cookies for video downloads without clear opt-in or handling limits.

Install only if you are comfortable with an agent downloading and locally processing videos. Before use, require explicit confirmation before any browser-cookie command, use it only for content you are authorized to access, avoid sensitive or private videos unless outputs are protected, and install dependencies in a virtual environment rather than globally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The skill explicitly forbids bypassing login or access restrictions, yet its recommended commands use `--cookies-from-browser chrome`, which imports the user's browser session into `yt-dlp`. That can access content available only because the user is logged in, creating a policy contradiction and increasing the chance of processing protected or unauthorized resources.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are very broad, everyday-language phrases such as 'help me understand this video' and 'analyze the visuals and text in the video'. This can cause the skill to activate unexpectedly for benign summarization requests and then proceed into heavyweight actions like downloads, OCR, ASR, and file creation without sufficiently explicit user confirmation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to download remote content, invoke external binaries like yt-dlp, ffmpeg, whisper, and OCR tools, and create a large local workspace/output tree, but it does not require a prominent upfront warning and consent step. This creates a safety issue because normal-looking user requests could trigger network access, local disk writes, browser-cookie use, and potentially costly or privacy-impacting processing.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list is broad enough to match ordinary requests like understanding or summarizing a video, which can cause the skill to activate unexpectedly. Unintended invocation is risky here because the skill performs local file handling, downloading, OCR, ASR, and visual extraction, potentially collecting more data than the user expected.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is designed to process local video files, screenshots, subtitles, OCR text, terminal output, and on-screen UI content, but it does not clearly warn that these inputs may contain sensitive information such as API keys, personal data, internal URLs, or proprietary code. Without an explicit warning and minimization rules, users may unknowingly expose secrets or private material to downstream tools and models.

VirusTotal

41/41 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.