Security audit

Poker Clip

Security checks across malware telemetry and agentic risk

Overview

This skill coherently processes local poker videos into short clips and does not show hidden data access, exfiltration, or unsafe persistence.

Use an explicit command and video path when invoking this skill. Expect it to create clips, transcript caches, subtitle files, and JSON reports in the workspace, and delete those outputs if the source media is private or disk usage matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The invocation examples include broad natural-language triggers like “帮我处理这个扑克视频” and especially “切割新视频,” which are generic enough to be matched unintentionally during normal conversation. In an agent environment, that can cause the skill to launch on the wrong input or file, leading to unintended processing, resource consumption, or modification of user media.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.