Back to skill

Security audit

Short Video Reverse Engineer

Security checks across malware telemetry and agentic risk

Overview

This skill performs the video analysis workflow it advertises, with local file and shell activity that is mostly expected but worth controlling carefully.

Install only if you want a local automation that runs ffmpeg/Whisper on your videos, writes reports and reference images, and may move processed originals. Use a dedicated input folder and temp directory, review the hard-coded Windows paths before running, and run it on copies if you do not want originals reorganized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to read and write files, invoke shell commands, inspect environment-dependent paths, and move user files, but it declares no permissions or guardrails. In practice this creates an authorization gap: an operator or platform may treat the skill as lower risk than it is, while the workflow can still modify local data and execute external tools such as ffmpeg and Whisper.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The script copies an executable into a hard-coded interpreter Scripts directory, mutating the host Python environment outside the declared output directory. If the ffmpeg path is attacker-controlled or replaced, this can persist an untrusted binary in a commonly used execution location and affect later runs of unrelated tooling.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger examples are broad enough to activate the skill for generic requests like 'analyze this video' or 'turn this video into a script,' even when the user may not intend a full reverse-engineering workflow. In this skill's context, over-broad activation is more dangerous because the workflow can scan directories, run shell tooling, generate reports, and later move original files, increasing the chance of unintended processing of local content.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill specifies automatically moving the original video into a processed folder as part of normal execution, but it does not require an explicit user-facing confirmation at the point of action. This can cause unintended modification of user data organization, break downstream workflows that expect the file at its original path, and in batch scenarios amplify accidental file handling errors.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script deletes prior outputs under the user-supplied target directory without confirmation and without checking that the path is confined to a safe workspace. If out_dir is mis-specified, symlinked, or attacker-influenced, this can remove unintended files or directories and cause data loss.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.