Back to skill

Security audit

Poker Clip

Security checks across malware telemetry and agentic risk

Overview

This skill coherently processes local poker videos into short clips and does not show hidden data access, exfiltration, or unsafe persistence.

Use an explicit command and video path when invoking this skill. Expect it to create clips, transcript caches, subtitle files, and JSON reports in the workspace, and delete those outputs if the source media is private or disk usage matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The invocation examples include broad natural-language triggers like “帮我处理这个扑克视频” and especially “切割新视频,” which are generic enough to be matched unintentionally during normal conversation. In an agent environment, that can cause the skill to launch on the wrong input or file, leading to unintended processing, resource consumption, or modification of user media.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.