Back to skill

Security audit

Video Intelligence

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but a shell-scripting flaw could let a crafted video title run local commands, and fallback transcription can send audio to OpenAI.

Review this skill carefully before installing. Do not use it on private or sensitive videos unless you accept possible OpenAI audio upload, and avoid processing untrusted or adversarial video URLs until the filename handling is fixed to avoid shell interpretation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly invokes shell commands and depends on external binaries like yt-dlp, curl, python3, and ffmpeg, yet no declared permissions are present. This creates a transparency and governance gap: users or the host agent may not realize the skill can execute local commands, download remote content, and handle files, which increases the chance of unsafe execution in environments that rely on manifest permissions.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger description includes broad phrases such as "what does this video say" and effectively any supported video URL, which can cause unintended invocation during ordinary conversation or when a URL is mentioned incidentally. In a skill that downloads content and may upload audio externally, accidental activation materially increases privacy and execution risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
When captions are unavailable, the script uploads the downloaded audio file to OpenAI's transcription API, which is an external third party. The skill description mentions this behavior, but the script itself provides only a generic log message and does not require explicit user consent at the time of transmission, creating a real privacy and data-handling risk for sensitive or private media.

External Transmission

Medium
Category
Data Exfiltration
Content
## ⚠️ Privacy Notice — OpenAI Audio Upload

When captions are unavailable (common for TikTok, Instagram, X), the script **downloads the audio and uploads it to OpenAI's transcription API** (`https://api.openai.com/v1/audio/transcriptions`). This means:

- Audio content leaves your machine and is sent to OpenAI
- Requires `OPENAI_API_KEY` to be set
Confidence
91% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
"$URL" >&2

    echo "Transcribing via OpenAI Whisper..." >&2
    RESULT=$(curl -s https://api.openai.com/v1/audio/transcriptions \
      -H "Authorization: Bearer $OPENAI_API_KEY" \
      -F model="gpt-4o-mini-transcribe" \
      -F file="@${AUDIO}")
Confidence
98% confidence
Finding
https://api.openai.com/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.