Video Extractor Pro

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local video extraction skill with ordinary usability and overwrite cautions, not evidence of malicious or high-risk hidden behavior.

Install this if you want a local ffmpeg-based video frame, clip, GIF, and info tool. Use ffmpeg/ffprobe from a trusted source, review output filenames because existing files may be overwritten, and note that the skill text is primarily in Chinese.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases are broad, generic requests such as extracting video frames or screenshots, which can easily overlap with normal user intent in many contexts. This can cause the skill to activate unexpectedly, leading to unintended handling of user requests or routing to a tool with file/media-processing capabilities when the user did not explicitly ask for this specific skill.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The skill content is entirely in Chinese and the trigger terms are presented only in Chinese, with no indication that users can choose another language. This can create ambiguous activation behavior or mismatches in multilingual environments, potentially causing the skill to trigger unexpectedly for some users while being inaccessible or misleading for others.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal