Back to skill

Security audit

Save Video

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it downloads a user-provided video URL and saves it locally.

Install this only if you want the agent to download videos from URLs you provide. Run it in a workspace where a local videos folder and potentially large media files are acceptable, and consider copyright, site terms, disk usage, and the trustworthiness of the URL before using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly states it will download and save videos locally, but it does not clearly warn the user about automatic file writes, storage location, overwrite behavior, or disk/privacy implications before acting. In an agent context, silent local file creation is security-relevant because it can surprise users, consume storage, and create unwanted or policy-violating artifacts from untrusted URLs.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.