Security audit

Video Transition

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local video-transition helper that uses FFmpeg to read and write video files, with the main caution that outputs can overwrite existing files.

Install this only if you intend to process local videos with a trusted FFmpeg/FFprobe installation. Use explicit output filenames in a safe working directory, avoid pointing outputs at files you need to keep, and review batch input/output folders before running because the tool can create files and overwrite chosen output paths.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill documentation indicates capabilities consistent with shell execution and file writing via ffmpeg usage, but it does not declare any permissions or safety boundaries. This creates a trust and review gap: downstream systems or users may invoke a skill that can write files and spawn shell-backed processing without explicit acknowledgment, increasing the risk of command injection or unsafe file operations in the implementation.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.