Security audit

Video Post Production

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the video-editing work it advertises, with expected local file creation and media-tool execution but no evidence of hidden access, persistence, exfiltration, or destructive behavior.

Install only if you are comfortable with the skill running local ffmpeg/python commands, possibly installing faster-whisper, and creating an output folder beside the source video. Use it on videos you intend to process, review any dependency-install prompt, and specify language/output preferences when the defaults are not appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    print("Executing FFmpeg...")
    try:
        process = subprocess.Popen(
            ffmpeg_cmd,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
Confidence
78% confidence
Finding
process = subprocess.Popen( ffmpeg_cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True )

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to read user files, create directories and outputs next to the input video, and execute shell commands (`ffmpeg`, `pip3 install`, Python scripts), but the skill does not declare permissions. This creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can modify the filesystem and invoke arbitrary local tooling.

Vague Triggers

Medium
Confidence
73% confidence
Finding
The trigger list includes broad English phrases like "subtitle," "video editing," and "post-production," which may match many generic user requests and cause the skill to activate unexpectedly. Over-broad activation increases the chance that a shell-capable, file-writing skill runs in contexts where the user did not intend this workflow.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill describes outputs and default behavior, but does not clearly warn up front that it will create a sibling working directory and render a final video file beside the user's original input. This is primarily a consent and surprise issue: unannounced file creation can confuse users, violate expectations about workspace cleanliness, and amplify risk when combined with shell/file-write capabilities.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The workflow assumes Chinese transcription and Chinese-specific subtitle rendering defaults without validating the video's language or obtaining user opt-in. In mismatched contexts this can produce incorrect transcripts and misleading captions, which is risky for a media-processing skill whose main output is user-facing content.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The transcription command hard-codes `--language "zh"`, forcing Chinese processing regardless of the actual audio. This can substantially degrade output quality, creating inaccurate subtitles and downstream editing decisions (highlighting, SFX placement, BGM selection) based on bad transcript data.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.