Security audit

Video Prompt Reverse

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at video analysis, but it uses broad browser automation and uploads local video frames to Doubao without enough scoping or privacy disclosure.

Install only if you are comfortable with a skill controlling a local browser session and sending selected video frames to Doubao. Use a separate browser profile or non-primary account, review frames before upload, avoid private or confidential videos, and do not disable certificate checks or share/export cookies unless you understand the account risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def _get_ws_url(self, tab_id: str, host: str = "127.0.0.1", port: int = 9222) -> Optional[str]:
        """Get the tab's WebSocket URL via the JSON API"""
        try:
            result = subprocess.run(
                ['powershell', '-Command', f'(Invoke-RestMethod http://{host}:{port}/json).webSocketDebuggerUrl'],
                capture_output=True, text=True, timeout=5
            )
Confidence
87% confidence
Finding
result = subprocess.run( ['powershell', '-Command', f'(Invoke-RestMethod http://{host}:{port}/json).webSocketDebuggerUrl'], capture_output=True, text=True,

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The client exposes a generic Runtime.evaluate capability that can execute arbitrary JavaScript in a browser tab, far beyond the stated purpose of analyzing Doubao content. With access to a live authenticated tab, this can read page data, trigger actions, or manipulate any site open in the browser via the DevTools protocol, making the skill substantially more dangerous in context.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code enumerates all tabs and, if a Doubao tab is not found, silently falls back to the first available tab. In practice, this can direct subsequent automation and JavaScript execution at unrelated sites containing sensitive sessions or data, greatly increasing the chance of cross-site impact and unintended access.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow explicitly suggests downloading videos from platforms that may require authenticated cookies or login state, but it provides no guidance on protecting session cookies, handling personal/account data, or respecting platform/privacy constraints. In a security-sensitive automation skill, this omission can lead users to expose browser cookies or reuse privileged session state in unsafe ways, resulting in account compromise or unintended access to private content.

Missing User Warnings

High
Confidence
97% confidence
Finding
The workflow automates uploading extracted video frames to doubao.com for analysis but does not clearly disclose that local image data will be transmitted to a third-party external service. Because frames may contain faces, private locations, confidential screens, or copyrighted material, silent exfiltration to a remote AI service creates substantial privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide explicitly recommends using `--no-check-certificates` to bypass TLS certificate validation during troubleshooting, without any warning or constraints. This weakens transport security and can expose downloads, cookies, or session data to man-in-the-middle interception, especially since the skill handles video retrieval from external services.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script is designed to upload locally extracted video frames to Doubao via browser automation, but it provides no explicit consent prompt, privacy notice, destination validation, or safeguards against uploading sensitive images. Because video frames can contain personal data, confidential screens, or other sensitive content, silent transmission to an external AI service creates a real data-exposure risk in this skill’s context.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.