
Security audit

Auto Video Analyzer

Security checks across malware telemetry and agentic risk

Overview

This video-analysis skill is broadly coherent, but on first use it automatically downloads unpinned shell scripts from GitHub and runs them on the user's machine.

Review the GitHub helper scripts before use, pin them to a specific commit and verify their checksums, and require explicit confirmation before the first download and again before execution. Avoid using the skill on sensitive videos unless you know where extracted frames are sent, analyzed and stored, and delete the workspace tools and analysis directories when you are finished.
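The overview's recommendation (pin to a commit, verify a checksum, confirm before download and before execution, clean up afterwards), worked out as a POSIX shell wrapper that a user could put in front of the skill's first-run step. This is an added example, not the skill's own first-run code and not anything from its repository; the repository name OWNER/REPO, the commit hash, the helper path scripts/setup-linux.sh and the environment variable names are placeholders to be replaced with values taken from your own review of the real scripts.

```shell
#!/bin/sh
# Added example wrapper for fetching a skill's first-run helper script.
# Not the skill's own code. REPO, COMMIT, the helper path and PINNED_SHA256
# are assumptions: fill them in from your own review of the real scripts.
set -eu

REPO="${REPO:-OWNER/REPO}"                                      # placeholder
COMMIT="${COMMIT:-0000000000000000000000000000000000000000}"     # placeholder (full 40-hex commit, never a branch)
WORKSPACE="${WORKSPACE:-$PWD/.video-analyzer}"
TOOLS_DIR="$WORKSPACE/tools"
ANALYSIS_DIR="$WORKSPACE/analysis"

# Hex SHA-256 of a file; works with GNU coreutils or macOS/BSD shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_checksum FILE EXPECTED_HEX -> 0 on match, 1 otherwise.
verify_checksum() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# confirm_or_abort PROMPT -> 0 only if the user answers y/yes on stdin.
confirm_or_abort() {
  printf '%s [y/N] ' "$1" >&2
  read -r ans || ans=""
  case "$ans" in y|Y|yes|YES) return 0 ;; *) return 1 ;; esac
}

# fetch_pinned REPO_PATH DEST: raw file at one immutable commit, HTTPS only,
# no redirects followed, fail on HTTP errors.
fetch_pinned() {
  url="https://raw.githubusercontent.com/$REPO/$COMMIT/$1"
  curl -fsS --proto '=https' --tlsv1.2 "$url" -o "$2"
}

# install_helper REPO_PATH EXPECTED_SHA256: confirm, download to a non-executable
# temp file, verify, confirm again, and only then install with the exec bit.
# Prints the installed path on success.
install_helper() {
  name=$(basename "$1")
  confirm_or_abort "Download $1 from $REPO@$COMMIT?" || { echo "aborted" >&2; return 1; }
  mkdir -p "$TOOLS_DIR"
  tmp=$(mktemp "$TOOLS_DIR/.$name.XXXXXX")        # mktemp creates it 0600, no exec bit
  fetch_pinned "$1" "$tmp"
  if ! verify_checksum "$tmp" "$2"; then
    rm -f "$tmp"
    echo "checksum mismatch for $name; refusing to install" >&2
    return 1
  fi
  confirm_or_abort "Checksum OK. Mark $name executable and run it?" || { rm -f "$tmp"; return 1; }
  mv "$tmp" "$TOOLS_DIR/$name"
  chmod 0755 "$TOOLS_DIR/$name"
  printf '%s\n' "$TOOLS_DIR/$name"
}

# cleanup_workspace: remove downloaded tools and extracted frames, refusing
# obviously dangerous WORKSPACE values.
cleanup_workspace() {
  case "$WORKSPACE" in ""|/) echo "refusing to clean '$WORKSPACE'" >&2; return 1 ;; esac
  rm -rf "$TOOLS_DIR" "$ANALYSIS_DIR"
}

# Stand-alone use: AVA_RUN=1 PINNED_SHA256=<hex> sh fetch_helper.sh
if [ "${AVA_RUN:-0}" = "1" ]; then
  helper=$(install_helper "scripts/setup-linux.sh" "${PINNED_SHA256:?set PINNED_SHA256}")  # path is an assumption
  "$helper"
  cleanup_workspace
fi
```

The expected checksum is supplied out of band (from your own review of the pinned commit), not fetched alongside the script, so a compromised repository or a tampered network path cannot substitute both the script and its hash at once. The file is written without the execute bit and only gains it after the hash matches and the user confirms a second time, which addresses the second finding below about executables being persisted in the tools directory before anyone has looked at them.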

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly documents downloading platform-specific shell scripts from GitHub and then executing them as part of normal operation. That introduces remote code execution and supply-chain risk well beyond a narrowly scoped video-analysis skill, especially because the fetched content is not pinned, verified, or reviewed before execution.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The first-run logic writes executable files into the user's workspace and, on Unix-like systems, marks them executable before later use. Persisting new executables in a user-controlled tools directory increases the attack surface and enables execution of untrusted code obtained from the network.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README states that the skill will automatically download platform-specific tools from GitHub on first use, but it does not clearly warn users that external scripts will be fetched and then executed. Auto-downloading executable scripts materially increases supply-chain risk: a compromised repo, release asset, or network path could result in arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README describes extracting frames and analyzing them with AI, but it does not clearly disclose the privacy implications of sending or exposing video-derived content for analysis. Users may unknowingly process sensitive footage, faces, screens, documents, or proprietary content without understanding retention, transmission, or third-party exposure risks.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger phrases are broad, generic conversational patterns such as asking to analyze or debug a video. This makes accidental invocation more likely, which is especially risky here because activation can lead to downloading and running external scripts without a strong, deliberate user action.

Missing User Warnings

High
Confidence: 98%
Finding
The top-level description says the skill will auto-download platform-specific tools on first use, but it does not clearly warn that these are executable shell/PowerShell scripts fetched from GitHub and then run. That weakens informed consent and increases the chance users trigger network retrieval and code execution without understanding the security implications.

VirusTotal

66/66 vendors reported this skill as clean.
