Auto Video Editor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local video-editing skill, with disclosed media processing and indexing plus some privacy and overwrite caveats users should understand.

Install only if you are comfortable letting the skill process local videos and transcripts, create project-local indexes and generated media, and download models/fonts from external providers. Keep sensitive footage in a dedicated project directory, avoid scanning broad folders, review transcript edits before confirming them, and back up existing generated outputs if filename replacement would matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            "-vf", drawtext,
            cover_path,
        ]
        subprocess.run(cmd, check=True, capture_output=True, text=True)

        # Replace first frame in video
        print(f"Replacing first frame with cover...")
Confidence
75% confidence
Finding
subprocess.run(cmd, check=True, capture_output=True, text=True)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The white cover style imports Google Fonts via @import from fonts.googleapis.com, causing a network request during what is described as a local video-editing workflow. This can leak usage metadata and environment information, and it breaks expectations that processing remains local and offline.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The 'Use when' scope is extremely broad and covers many adjacent tasks without defining exclusions or safety boundaries. In agentic environments, vague invocation criteria can cause the skill to be selected for requests that unintentionally trigger filesystem changes, shell execution, package installation guidance, or network access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow instructs copying or moving media files and directly editing transcript.json files, but it does not provide a strong upfront warning that user files will be changed in place. In a content-production context this can cause data loss, overwritten annotations, or unintended mutation of source assets and transcripts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The plan explicitly adds a media library that scans project directories, extracts metadata, and persists an index of media and transcript paths, but does not require any user-facing disclosure, consent, or retention guidance. In a video-editing skill, users may reasonably provide sensitive raw footage and transcripts, so silent indexing increases privacy risk even if all storage is local.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The plan adds multi-format export that can generate several additional video files from one command, but does not include safeguards or warnings about overwriting outputs or increased disk consumption. In media workflows this can unexpectedly consume large amounts of storage or replace existing deliverables, causing data loss or operational disruption.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The code automatically switches package/model download infrastructure based on locale heuristics, redirecting users to China-specific mirrors without explicit opt-in. This weakens supply-chain trust boundaries because downloads may come from alternate infrastructure the user did not choose, increasing the risk of tampered packages, model artifacts, or privacy leakage about environment and region.

VirusTotal

64/64 vendors flagged this skill as clean.
