Back to skill

Security audit

Reelsmith

Security checks across malware telemetry and agentic risk

Overview

Reelsmith is a coherent short-video creation skill, but users should understand that its optional helpers create local media files, can overwrite chosen outputs, and may send text or prompts to external AI services.

Install only if you are comfortable running local ffmpeg/Python media helpers. Use non-sensitive text or prompts for OpenAI TTS and LTX video generation, keep API keys scoped, and choose fresh output filenames to avoid overwriting existing files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
concat = work / 'concat.txt'
    concat.write_text(''.join([f"file '{c}'\n" for c in clips]))
    subprocess.run(['ffmpeg', '-y', '-f', 'concat', '-safe', '0', '-i', str(concat), '-c', 'copy', args.output], check=True)
    print(args.output)
Confidence
95% confidence
Finding
subprocess.run(['ffmpeg', '-y', '-f', 'concat', '-safe', '0', '-i', str(concat), '-c', 'copy', args.output], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
f":x=(w-text_w)/2:y=(h-text_h)/2"
            f":box=1:boxcolor=black@0.55:boxborderw=34"
        )
        subprocess.run([
            'ffmpeg', '-y', '-f', 'lavfi', '-i', f'color=c=black:s=1080x1920:d={args.scene_duration}',
            '-vf', draw,
            '-frames:v', '1', str(img)
Confidence
96% confidence
Finding
subprocess.run([ 'ffmpeg', '-y', '-f', 'lavfi', '-i', f'color=c=black:s=1080x1920:d={args.scene_duration}', '-vf', draw, '-frames:v', '1', str(img)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
f"drawtext=textfile='{txt}':reload=0:fontcolor=white:fontsize={fontsize}:line_spacing={line_spacing}:"
        f"x=(w-text_w)/2:y=(h-text_h)/2:box=1:boxcolor={boxcolor}:boxborderw={boxborderw}"
    )
    subprocess.run([
        'ffmpeg', '-y', '-f', 'lavfi', '-i', f'color=c=black@0.0:s={CANVAS_W}x{CANVAS_H}:d=1,format=rgba',
        '-frames:v', '1', '-update', '1', '-vf', vf, str(out)
    ], check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
Confidence
86% confidence
Finding
subprocess.run([ 'ffmpeg', '-y', '-f', 'lavfi', '-i', f'color=c=black@0.0:s={CANVAS_W}x{CANVAS_H}:d=1,format=rgba', '-frames:v', '1', '-update', '1', '-vf', vf, str(out) ], che

subprocess module call

Medium
Category
Dangerous Code Execution
Content
'-pix_fmt', 'yuv420p',
        str(out)
    ]
    subprocess.run(cmd, check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


def main():
Confidence
89% confidence
Finding
subprocess.run(cmd, check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
concat = work / 'concat.txt'
    concat.write_text(''.join([f"file '{c}'\n" for c in clips]))
    subprocess.run([
        'ffmpeg', '-y', '-f', 'concat', '-safe', '0', '-i', str(concat), '-c', 'copy', args.output
    ], check=True)
    print(args.output)
Confidence
92% confidence
Finding
subprocess.run([ 'ffmpeg', '-y', '-f', 'concat', '-safe', '0', '-i', str(concat), '-c', 'copy', args.output ], check=True)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This section instructs the agent to create local media files and to call external services using API keys, but it does not clearly warn that user-provided content may be written to disk or transmitted to third-party providers. In a content-production skill, that omission is risky because source material may contain sensitive text, unpublished marketing content, or proprietary assets that could be exfiltrated or persist locally without informed consent.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The script writes scene text and generated media assets to a temporary directory on disk, which can expose potentially sensitive source material to other local users, backups, endpoint monitoring tools, or later forensic recovery if not cleaned up. In this skill context, users may provide unpublished marketing copy, internal updates, or proprietary content, so silent disk persistence increases confidentiality risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends arbitrary input text to an external OpenAI text-to-speech service, which can expose sensitive or proprietary content if users provide confidential text without realizing it leaves the local environment. In this skill context, users may generate narrated reels from drafts, articles, or internal updates, which makes accidental disclosure more plausible.

Unvalidated Output Injection

High
Category
Output Handling
Content
ap.add_argument('--output', required=True)
    args = ap.parse_args()

    subprocess.run([
        'ffmpeg', '-y', '-i', args.video, '-i', args.audio,
        '-c:v', 'copy', '-c:a', 'aac', '-shortest', args.output
    ], check=True)
Confidence
85% confidence
Finding
subprocess.run([ 'ffmpeg', '-y', '-i', args.video, '-i', args.audio, '-c:v', 'copy', '-c:a', 'aac', '-shortest', args.output

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.