Security audit

Wjs Segmenting Video

Security checks across malware telemetry and agentic risk

Overview

The core video-cutting workflow is understandable, but the package includes under-disclosed post-production helpers and an unsafe local ffmpeg lookup that users should review before installing.

Install only if you are comfortable reviewing and controlling which helper scripts run. Use the core segment.py and --no-burn SRT slicing path for the declared workflow, set FFMPEG to a trusted binary, avoid relying on /tmp/ff_bin/ffmpeg, and do not run make_cover.py or prepend_intro.py unless you explicitly want AI cover generation, external frame sharing, or intro-card compositing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
f.write(f"file '{body_path.resolve()}'\n")
        list_path = Path(f.name)
    try:
        proc = subprocess.run(
            [ffmpeg, "-y", "-f", "concat", "-safe", "0",
             "-i", str(list_path),
             "-c", "copy", "-movflags", "+faststart", str(out_path)],
Confidence
85% confidence
Finding
proc = subprocess.run( [ffmpeg, "-y", "-f", "concat", "-safe", "0", "-i", str(list_path), "-c", "copy", "-movflags", "+faststart", str(out_path)],

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file implements AI cover generation and title-card behavior even though the skill manifest says this skill only cuts/crops raw clips and emits per-clip SRTs. This scope mismatch is dangerous because it can cause the agent to perform undeclared external actions, transmit user media to another tool/provider, and produce outputs the user did not consent to within this skill's stated contract.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script invokes an external AI image editing tool and sends prompts plus reference frames to it, which exceeds a segmentation-only workflow and introduces a new data-flow boundary. In this context, that is security-relevant because user video frames may be disclosed to an external provider without being clearly justified by the declared skill purpose.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The module documentation states covers are used as prepended intro title-cards, directly contradicting the manifest's claim that this skill only produces raw clips for downstream post-production. This hidden behavioral expansion is risky because it changes media outputs and workflow semantics in ways users and orchestrators may not expect or authorize.

Description-Behavior Mismatch

High
Confidence
89% confidence
Finding
The skill metadata says the skill should only cut and crop raw clips for handoff, but this script adds title-card intros and changes the media package beyond declared scope. In an agent setting, scope expansion is dangerous because users and orchestrators may trust the skill to perform only minimally transformative operations, while this code silently alters output semantics and downstream behavior.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The script preferentially operates on *_burned.mp4 subtitle-burned variants, which conflicts with the stated purpose of outputting raw clips and per-clip SRTs for later post-production. In a multi-skill workflow, touching burned derivatives can break separation-of-duties assumptions, produce irreversible outputs, and bypass intended downstream review/editing steps.

VirusTotal

59/59 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.