Back to skill

Security audit

Scene Video Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local video-production helper that runs expected media scripts and does not show hidden data theft, persistence, or destructive behavior.

Install only if you are comfortable running local media-processing scripts on trusted project directories. Review manifest.csv and scene-order.txt before running because they determine the media files read and written, and pre-cache or verify Kokoro model weights if your environment must avoid outbound network access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill exposes shell-capable operations through documented script and command execution, but it does not declare corresponding permissions. That mismatch can cause users or enforcement systems to underestimate what the skill is able to do, especially since it invokes multiple local scripts and external binaries like ffmpeg, ffprobe, and node. In this context the risk is elevated because the skill is explicitly an automation pipeline that will execute commands over user-supplied module directories.

Missing User Warnings

Low
Confidence
71% confidence
Finding
The skill acknowledges outbound network access for initial Kokoro model-weight download, but the warning is easy to miss and does not clearly communicate when remote fetches occur or what is downloaded. Users may assume the workflow is fully local and inadvertently permit network egress in restricted environments. The context makes this somewhat more concerning because the rest of the description emphasizes local rendering/stitching, which can obscure the network behavior.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The script feeds manifest text into KPipeline with repo_id='hexgrad/Kokoro-82M', which may trigger model fetching or remote service interaction depending on the environment and library behavior. If operators assume all narration text stays local, sensitive script content could be disclosed externally without explicit notice or an offline-only control, which is more concerning in an automated media pipeline processing arbitrary project content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.