Back to skill

Security audit

Bilibili AI Video Prompt Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it downloads a user-provided Bilibili video and extracts local frames/subtitles for prompt analysis, with ordinary media-download cautions.

Use a dedicated output folder, verify whether the Bilibili link is a single video or playlist, and confirm you have permission to download and reuse the video, frames, subtitles, style, or voiceover material. Install ffmpeg and yt-dlp from trusted package managers or official sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
78% confidence
Finding
The skill instructs downloading third-party Bilibili videos locally without warning users that copyrighted or sensitive content may be stored on disk. In context, this is a privacy/compliance risk rather than a code-execution issue, but it can still lead to unintended retention of third-party media and subtitles.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.