Video Editing Agent (VEA)

Security checks across malware telemetry and agentic risk

Overview

VEA appears to be a legitimate video-editing skill, but it asks for powerful installation, credential, and third-party media-processing access that users should review carefully.

Install only if you are comfortable giving the service access to selected videos and the listed provider credentials. Use dedicated or least-privilege API keys, avoid broad personal Google application-default credentials when possible, inspect or pin the external repo and uv installer before running them, confirm each processing job before media leaves your machine, and delete local outputs/indexes after sensitive projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs the agent/user to run shell commands, install software, invoke Python, curl endpoints, and use ffmpeg, yet it declares no permissions to reflect those capabilities. This mismatch weakens policy enforcement and user understanding, making it easier for a seemingly harmless skill to trigger command execution paths without explicit authorization boundaries.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation text is very broad ('use when asked to ... perform any video editing task'), which can cause the skill to be selected in many situations involving arbitrary media files, shell-driven processing, and external API usage. Over-broad routing increases the chance that sensitive files or unintended requests are handed to a powerful skill without narrow task scoping or additional consent.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The installation flow includes piping a remotely fetched script directly into the shell without any integrity verification or warning. If the upstream server, CDN, DNS, TLS termination, or install script is compromised, this results in immediate arbitrary code execution on the host.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explicitly describes sending video, transcripts, scripts, subtitles, and music-selection data to multiple third-party services, but it provides no privacy notice, consent guidance, data minimization expectations, or retention/sharing caveats. In a video-editing skill, user content is often highly sensitive, so omitting these warnings increases the risk of accidental unauthorized data disclosure and noncompliant handling of personal or proprietary media.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Download from Soundstripe API
SOUNDSTRIPE_KEY=$(jq -r '.api_keys.SOUNDSTRIPE_KEY' ~/vea/config.json)
curl -s "https://api.soundstripe.com/v1/songs/TRACK_ID" \
  -H "Authorization: Token $SOUNDSTRIPE_KEY" | jq '.included[0].attributes.versions.mp3'

# Mix with ffmpeg (15-20% music volume)
```
Confidence
84% confidence
Finding
https://api.soundstripe.com/

External Script Fetching

Low
Category
Supply Chain
Content
```bash
cd vea-open-source

# Install uv package manager
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install dependencies
uv sync
```
Confidence
98% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
cd vea-open-source

# Install uv package manager
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install dependencies
uv sync
```
Confidence
99% confidence
Finding
| sh

VirusTotal

66/66 vendors flagged this skill as clean.
