Video Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised video transcription and AI analysis workflow, but users should know the analysis step sends transcript text to a configured remote API.

Install only if you are comfortable using the configured AI relay for transcript analysis. Review or redact transcripts before running scripts/analyze.js on private, business, regulated, or confidential videos, and run ffmpeg examples in a dedicated output directory to avoid overwriting files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill documentation indicates capabilities to access environment variables, write files, and use the network, but it declares no permissions or safety boundaries. This creates a transparency and consent problem: users may not realize the skill can read configuration-derived secrets and transmit transcript data to external services.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The documented behavior goes beyond local video parsing by referencing retrieval of an API key from local configuration and remote AI analysis, while the description emphasizes a local processing pipeline. This mismatch can mislead users into exposing sensitive transcript content and local credentials under the assumption that processing is purely local.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The script reads a locally stored API credential from the user's OpenClaw config and uses it to send transcript data to a third-party endpoint. While this may be intended to enable AI analysis, it expands the skill's trust boundary beyond local processing and can expose sensitive transcript contents without explicit user awareness or consent.

Description-Behavior Mismatch

Medium

Confidence: 98% confidence
Finding: The manifest describes local video parsing and analysis, but this code sends the full transcript to a remote API for processing. That mismatch is security-relevant because users may reasonably assume the content stays local, while in reality potentially sensitive audio-derived text is exfiltrated off-device.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to source an API key from local configuration and use a remote AI analysis path without prominently warning about credential handling or data exfiltration. This is dangerous because transcripts may contain sensitive audio-derived information, and users are not clearly informed that content leaves the local machine.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The documented ffmpeg command uses '-y', which silently overwrites existing output files. This can cause unintended data loss or clobber prior artifacts if users rerun the command in a directory containing important files with the same name.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The key-frame extraction example also uses '-y', enabling silent overwrite of existing frame images. While lower impact than credential or network issues, it still creates avoidable file-destruction risk in normal use.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The code transmits the transcript verbatim to an external API but provides no user-facing notice, confirmation, or redaction step. If transcripts contain private conversations, proprietary information, or regulated data, this can cause unintended disclosure to an external provider.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal