Back to skill

Security audit

visual-transition-reel

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent video-generation workflow, but users should understand that it uploads media to external AI services and runs local ffmpeg/Python assembly scripts.

Install only if you are comfortable sharing selected project media with Pruna and, if background music is enabled, Replicate. Review stills and clips before approving paid phases, avoid gate-skip flags for normal use, and consider pinning the Pillow dependency before using the scripts in a shared or production environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if not crossfades or all(f <= 0 for f in crossfades):
        list_file = output.parent / ".concat_list.txt"
        list_file.write_text("\n".join(f"file '{p.resolve()}'" for p in clip_paths) + "\n")
        subprocess.run(
            [
                ffmpeg,
                "-y",
Confidence
93% confidence
Finding
subprocess.run( [ ffmpeg, "-y", "-f", "concat", "-safe", "0", "-i",

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documents and invokes capabilities including shell execution, file read/write, network access, and environment-variable based credential use, but it does not declare permissions. This creates a transparency and policy-enforcement gap: a caller may treat the skill as low-risk while it can upload files, call external APIs, and run local tooling such as ffmpeg and Python scripts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The stated description presents a creative video-montage skill, but the body reveals materially broader behavior: external API usage, credential requirements, file uploads to third parties, shell-based assembly, and optional audio generation/mixing. This mismatch can mislead operators and automated governance into approving a skill without understanding the data exfiltration, credential, and execution surfaces involved.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The document explicitly instructs users to upload local photos to `/v1/files` but does not warn that those images will be transmitted to a remote third-party API. In a media workflow skill this is contextually expected, which lowers severity, but the absence of an explicit disclosure can still cause accidental sharing of sensitive personal or proprietary imagery.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document exposes explicit bypass flags such as `--yes-skip-stills-gate` and `--yes-skip-clips-gate`, and even shows `--phase all --yes-skip-stills-gate` as a runnable example. In a workflow whose core safety and cost controls depend on human review between phases, documenting these bypasses without strong guardrails makes it easy for operators or downstream agents to skip approval gates, leading to unreviewed paid generation, poor outputs, or policy-violating content advancing automatically.

Unpinned Dependencies

Low
Category
Supply Chain
Content
Pillow>=11.0.0
Confidence
96% confidence
Finding
Pillow>=11.0.0

Known Vulnerable Dependency: Pillow==11.0.0 — 10 advisory(ies): CVE-2026-25990 (Pillow affected by out-of-bounds write when loading PSD images); CVE-2026-42311 (Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)); CVE-2026-42310 (Pillow has a PDF Parsing Trailer Infinite Loop (DoS)) +7 more

High
Category
Supply Chain
Confidence
87% confidence
Finding
Pillow==11.0.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.