Security audit

Local Video Ad Pipeline v0.5

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent local video-generation skill, but it needs review because it can load Python code from user-supplied paths and can send videos through Telegram using a configured bot token.

Install only if you are comfortable reviewing and controlling the local scripts. Use trusted Qwen GUI directories and module names only, avoid the Telegram delivery fallback unless you explicitly want the generated video uploaded through Telegram, and specify neutral casting, conservative styling, subtitle language, and cleanup expectations before running the pipeline.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"-pix_fmt", "yuv420p", "-an", str(dst),
        ]
        print(f"  {sid}: {printed} + sub")
        r = subprocess.run(cmd, capture_output=True, text=True)
        if r.returncode != 0:
            print(r.stderr[-1000:])
            sys.exit(1)
Confidence
84% confidence
Finding
r = subprocess.run(cmd, capture_output=True, text=True)

Dynamic import via __import__()

Medium
Category
Dangerous Code Execution
Content
args = ap.parse_args()

    sys.path.insert(0, args.qwen_gui_dir)
    qwen = __import__(args.module)  # type: ignore

    qwen.COMFYUI_URL = args.comfy
    qwen.OUTPUT_DIR = args.output_dir
Confidence
95% confidence
Finding
qwen = __import__(args.module) # type: ignore

Dynamic import via __import__()

Medium
Category
Dangerous Code Execution
Content
wanted = set(args.shots or [])

    sys.path.insert(0, args.qwen_gui_dir)
    qwen = __import__(args.module)  # type: ignore

    qwen.COMFYUI_URL = args.comfy
    qwen.OUTPUT_DIR = args.output_dir
Confidence
95% confidence
Finding
qwen = __import__(args.module) # type: ignore

Dynamic import via __import__()

Medium
Category
Dangerous Code Execution
Content
wanted = set(args.shots or [])

    sys.path.insert(0, args.qwen_gui_dir)
    qwen = __import__(args.module)  # type: ignore
    qwen.COMFYUI_URL = args.comfy
    qwen.OUTPUT_DIR = args.output_dir
    qwen.PROMPT_PREFIX = ""
Confidence
97% confidence
Finding
qwen = __import__(args.module) # type: ignore

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The guidance to use an already configured Telegram Bot API token for direct delivery expands the skill from local video generation into credential-backed external exfiltration/transmission. Even though it says not to paste the token into logs, encouraging direct use of a bot token creates a pathway for unintended data transfer and misuse of a privileged secret outside the core local-rendering workflow.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The guidance hard-codes sexualized default casting traits such as 'glamorous adult model proportions' and a 'clearly defined G-cup bust silhouette' as a default for unspecified adult female protagonists. In a general-purpose ad/video generation skill, this creates biased and unnecessarily sexualized outputs, increasing the risk of unsafe, discriminatory, or brand-inappropriate content generation without explicit user consent.

Natural-Language Policy Violations

High
Confidence
96% confidence
Finding
The file sets a Korean-specific appearance and styling default ('celebrity-level Korean Instagram-model casting') for unspecified adult female protagonists, without opt-in, locale gating, or business justification. Because this skill is a public pipeline for commercial video creation, the default can systematically impose ethnicity- and culture-specific stereotypes, producing exclusionary or discriminatory outputs at scale.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document explicitly recommends saving raw prompts and responses in `meta/`, which can include sensitive project inputs, creative briefs, product details, or personal data supplied by the user. Without any retention notice, minimization guidance, or opt-in control, this creates a real privacy risk through unintended local persistence and later exposure to other users, backups, or synced storage.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script repeatedly writes subtitle temp files and invokes ffmpeg with -y, which forcibly overwrites existing media outputs. In a local automation skill, user-supplied --out and project paths could accidentally clobber important files without interactive confirmation or path safety checks.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.