inSaiAI Intelligent Editing

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward FFmpeg/FFprobe command guide, with one caution that its live-streaming example sends media to a remote service.

Install this if you want help drafting FFmpeg and FFprobe commands. Review paths, overwrite behavior, and network destinations before running any generated command; for live streaming, treat stream keys as secrets and avoid putting real keys directly in pasted commands or logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill includes an FFmpeg live-streaming command that sends media to a remote RTMP endpoint and embeds a placeholder stream key, but it does not warn users that this operation transmits data off-host or that real stream keys are sensitive secrets. In an agent skill that emits shell commands, this omission increases the chance a user or downstream agent will paste or log a real key and unintentionally publish content or leak credentials.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal