VectCut: The first "To-Agent" video editing platform. Build automated video workflows with our stable cloud APIs in Coze, Dify, or OpenClaw.

Security checks across malware telemetry and agentic risk

Overview

This is a powerful cloud video-editing skill, but it includes unsafe credential handling and broad automatic media-processing behavior that users should review before installing.

Install only if you trust VectCut with the media, draft IDs, transcripts, prompts, and generated outputs involved. Avoid using the Feishu workflow generator until it is changed to use a placeholder or secure secret binding instead of embedding the real API key. Confirm uploads and draft mutations before running broad automatic workflows, especially with private or proprietary media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (52)

Tainted flow: 'upload_url' from requests.post (line 68, network input) → requests.put (network output)

Medium
Category
Data Flow
Content
}

    with open(file_path, "rb") as f:
        resp = requests.put(upload_url, headers=oss_headers, data=f, timeout=120)
    if resp.status_code not in (200, 201):
        raise RuntimeError(f"OSS upload failed: {resp.status_code}, {resp.text}")
Confidence
82% confidence
Finding
resp = requests.put(upload_url, headers=oss_headers, data=f, timeout=120)

Description-Behavior Mismatch

Medium
Confidence
81% confidence
Finding
The skill is scoped as subtitle templating, but the '口播自动包装' section mandates additional editing actions such as sound effects, visual effects, and background music. That scope expansion increases the chance of performing unexpected modifications to user drafts beyond the requested subtitle operation, which is a form of over-broad action execution.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill explicitly requires creating, updating, and rereading a local state file even though it presents itself as a pure orchestration skill. This creates an undeclared side effect on the host filesystem and can cause agents to write persistent artifacts without clear user consent or sandbox guarantees.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The document claims the skill is only responsible for planning, but elsewhere it mandates execution behaviors such as state mutation, continuation logic, and returning execution results. This contradiction can mislead the agent runtime about the skill's privileges and trust boundary, increasing the risk that a planning-only skill is granted or attempts operational capabilities it should not have.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The rule explicitly instructs the system to read a local environment secret (`VECTCUT_API_KEY`) and substitute the real value into generated prompts. That causes direct secret disclosure into user-visible output or downstream systems, turning a local credential into exposed data that can be copied, logged, or reused for unauthorized API access.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document frames authentication as 'already completed' but then directs the model to use the current environment's actual API key value in the final prompt. This is a prompt-level exfiltration path: it normalizes embedding real secrets into generated artifacts while obscuring the fact that sensitive material is being disclosed.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The skill description says it 'must be prioritized' for a wide range of common video-editing requests, which is overly broad for a high-capability skill. This can cause the agent to invoke a networked, shell-capable workflow in situations where the user did not clearly consent to external processing or advanced automation.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Using vague phrases like '拼在一起' and '合成一条' as direct routing triggers makes accidental invocation likely, especially because the skill can fetch, analyze, upload, and edit media through external APIs. The ambiguity increases the risk that unrelated user requests are escalated into broad automated actions without sufficient scoping.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The sub-route maps everyday phrases directly to an automatic 'mixed edit + voiceover + subtitles + BGM' workflow and even defaults to execution when details are missing. This is risky because it turns underspecified user text into a multi-step external media-processing pipeline, potentially causing unwanted uploads, generated content, or resource consumption.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly supports fetching videos from external platforms and analyzing linked content, but the description does not warn users that providing a link may trigger retrieval and analysis of third-party media. This weakens informed consent and may expose users to privacy, copyright, or compliance issues depending on the linked source.

Missing User Warnings

High
Confidence
97% confidence
Finding
The rule instructs the agent to upload local media to a public URL before processing, but there is no prominent warning or consent requirement. This is dangerous because local files may contain sensitive or proprietary content, and converting them to publicly reachable URLs can result in unintended disclosure beyond the user's expectations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to repeatedly call `add_audio` to modify the target draft, but it does not clearly warn the user that execution will write persistent changes to the existing draft timeline. This can lead to unintended media edits, duplicated audio tracks, or corruption of an in-progress project if the skill is triggered automatically or rerun without explicit user awareness.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill uses mandatory and very broad activation phrases such as '加特效', '开头抓眼球', and similar common editing intents, which can cause the agent to invoke this skill for a wide range of ordinary user requests without sufficient narrowing conditions. In an agentic system, overly broad routing is dangerous because it can trigger unintended external API actions, consume resources, and bypass more appropriate or safer skills for the user's actual task.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The rule says the skill 'must' be used for several common user phrases, which creates over-broad automatic activation without requiring strong confirmation that the user actually wants this specific operation. In an agent setting, this can cause unintended tool execution or workflow hijacking, especially because the parent skill already says this family of skills must be prioritized for broad editing requests.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The usage section lists vague scenarios like adding attention-grabbing sounds at the start or for 'important keywords' without objective boundaries. Ambiguous activation logic increases the chance that an agent applies the skill when the user did not clearly request it, leading to unwanted content modifications and reduced operator control.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The description says the skill will automatically generate, template, and execute a workflow that writes back into a draft, but it does not require an explicit user-facing confirmation before modifying draft state. In an agent setting, this can lead to silent, irreversible, or hard-to-audit changes to user media projects if the request is ambiguous or the wrong draft is targeted.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill requires use of VectCut APIs and processing of audio/video URLs and draft data, but it does not instruct the agent to disclose that user media and metadata will be transmitted to external services. This creates a privacy and consent risk, especially for sensitive or proprietary media content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to check for and use `VECTCUT_API_KEY`, then send `draft_id` and title content to an external VectCut API, but it provides no user-facing disclosure, consent step, or data-handling warning. In an agent setting, this can cause silent transmission of user content and use of stored credentials to a third-party service, which is a meaningful security and privacy risk even if the API use is expected for the skill's function.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger text is broad enough to auto-invoke this skill for loosely related phrases such as generic export or rendering requests, which can cause the agent to select and run a networked rendering workflow without sufficient user confirmation. In this context, the skill can submit backend jobs and poll external APIs, so overbroad routing increases the chance of unintended actions, unnecessary resource consumption, and accidental disclosure of draft identifiers or rendered media URLs.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger language is very broad and mandatory, causing the skill to activate for a wide range of loosely related user requests. Over-broad activation can hijack routing decisions, leading the system to invoke this skill in contexts where its side effects, API use, or workflow assumptions are inappropriate.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs continual creation and mutation of a local state file but does not warn the user that it will modify the filesystem. Hidden local writes are dangerous because they can violate user expectations, leave residual data behind, and create opportunities for path misuse or persistence on sensitive environments.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger language is very broad (e.g. general phrases like '先看素材里有什么/素材盘点/先做视频理解'), which increases the chance the skill is invoked in routine conversations without clear user intent to send media to external services. In this skill, mis-triggering is more dangerous because invocation causes remote media processing, subtitle extraction, video understanding, and local report generation, potentially exposing user data or causing unintended actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill processes potentially sensitive remote media through external APIs, extracts audio/transcripts, and writes JSON/Markdown reports locally, but it does not clearly warn about data handling, persistence, or privacy implications. In this context, the omission is more dangerous because the workflow explicitly supports batch processing, which can amplify accidental disclosure of confidential media contents, transcripts, or derived summaries.

Missing User Warnings

High
Confidence
99% confidence
Finding
Embedding an actual API key into a generated workflow prompt without warning or safeguards is a clear credential-handling failure. Because this skill is specifically designed to produce prompts for another platform, the secret is likely to propagate into documents, automation configs, chat history, or audit logs, greatly increasing exposure and misuse risk.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description uses mandatory activation language ('当用户提到…时必须使用本技能'), which can cause the agent to invoke this skill even when the user's request is ambiguous or when a safer, narrower tool would be more appropriate. In a media-editing context, broad forced routing increases the chance of unintended API calls, data submission, and side effects without clear user confirmation.

VirusTotal

VirusTotal findings are pending for this skill version.
