Security audit

Wjs Segmenting Video

Security checks across malware telemetry and agentic risk

Overview

The core video-cutting workflow is understandable, but the package includes under-disclosed post-production helpers and an unsafe local ffmpeg lookup that users should review before installing.

Install only if you are comfortable reviewing and controlling which helper scripts run. Use the core segment.py and --no-burn SRT slicing path for the declared workflow, set FFMPEG to a trusted binary, avoid relying on /tmp/ff_bin/ffmpeg, and do not run make_cover.py or prepend_intro.py unless you explicitly want AI cover generation, external frame sharing, or intro-card compositing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (6)

subprocess module call

Medium

Category: Dangerous Code Execution
Content: f.write(f"file '{body_path.resolve()}'\n") list_path = Path(f.name) try: proc = subprocess.run( [ffmpeg, "-y", "-f", "concat", "-safe", "0", "-i", str(list_path), "-c", "copy", "-movflags", "+faststart", str(out_path)],
Confidence: 85% confidence
Finding: proc = subprocess.run( [ffmpeg, "-y", "-f", "concat", "-safe", "0", "-i", str(list_path), "-c", "copy", "-movflags", "+faststart", str(out_path)],

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The file implements AI cover generation and title-card behavior even though the skill manifest says this skill only cuts/crops raw clips and emits per-clip SRTs. This scope mismatch is dangerous because it can cause the agent to perform undeclared external actions, transmit user media to another tool/provider, and produce outputs the user did not consent to within this skill's stated contract.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The script invokes an external AI image editing tool and sends prompts plus reference frames to it, which exceeds a segmentation-only workflow and introduces a new data-flow boundary. In this context, that is security-relevant because user video frames may be disclosed to an external provider without being clearly justified by the declared skill purpose.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The module documentation states covers are used as prepended intro title-cards, directly contradicting the manifest's claim that this skill only produces raw clips for downstream post-production. This hidden behavioral expansion is risky because it changes media outputs and workflow semantics in ways users and orchestrators may not expect or authorize.

Description-Behavior Mismatch

High

Confidence: 89% confidence
Finding: The skill metadata says the skill should only cut and crop raw clips for handoff, but this script adds title-card intros and changes the media package beyond declared scope. In an agent setting, scope expansion is dangerous because users and orchestrators may trust the skill to perform only minimally transformative operations, while this code silently alters output semantics and downstream behavior.

Context-Inappropriate Capability

Medium

Confidence: 82% confidence
Finding: The script preferentially operates on *_burned.mp4 subtitle-burned variants, which conflicts with the stated purpose of outputting raw clips and per-clip SRTs for later post-production. In a multi-skill workflow, touching burned derivatives can break separation-of-duties assumptions, produce irreversible outputs, and bypass intended downstream review/editing steps.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.