小米触屏闹钟视频制作

Security checks across malware telemetry and agentic risk

Overview

This skill is a visible Bilibili video download and processing guide; its main risks are ordinary media overwrite and package-install caution, not hidden or malicious behavior.

Install only if you are comfortable running local media-processing commands and downloading Bilibili content. Use a Python virtual environment where possible, avoid reusing output filenames, and keep originals until you confirm the cropped, trimmed, and compressed result is correct.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill repeatedly documents ffmpeg commands with the `-y` flag, which forces overwriting output files without prompting. Although the skill recommends BV-based filenames to reduce collisions, user-supplied paths, reused output names, or mistakes in intermediate/final file selection can still cause silent data loss, especially in a batch or scripted workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal