Youtube Editor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed video-editing automation skill, with some normal integration risks users should understand before running it.

Install only if you are comfortable sending video audio and transcript-derived text to OpenAI and running local media/browser tooling. Review nano-banana-pro separately before using AI thumbnail generation, use limited or revocable API keys where possible, and avoid untrusted avatar file paths until the local HTML escaping issue is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    try:
        # SECURITY: Timeout prevents runaway processes
        subprocess.run(cmd, check=True, timeout=900)
        return True
    except subprocess.CalledProcessError:
        print("⚠️ Image generation failed.")
Confidence
76% confidence
Finding
subprocess.run(cmd, check=True, timeout=900)

VirusTotal

60/60 vendors flagged this skill as clean.
