Back to skill

Security audit

Keynote Video

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for turning presentations into narrated videos, but it needs Review because it runs local shell commands with weak argument isolation and may send presentation-derived narration to an online TTS service without clear disclosure.

Install only if you are comfortable running local media tooling on trusted presentation files and having narration text handled by edge-tts. Avoid confidential decks unless the TTS data flow is acceptable, and review filenames plus video_design_spec.json values before generation because unsafe values could affect shell commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases include broad everyday expressions such as '生成视频' and '做视频', which can cause the skill to activate in unrelated contexts. In an agent environment, over-broad activation increases the chance that user files are scanned and processed unexpectedly, which can lead to unintended handling of sensitive documents and accidental execution of downstream tooling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document states that Phase 3 performs TTS with edge-tts but does not clearly disclose that user-provided slide content and generated scripts may be sent to a network-backed TTS service. This creates a privacy and data-handling risk because sensitive presentation contents could leave the local environment without explicit user awareness or consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script passes full narration text to the external `edge-tts` tool, which may transmit user-provided slide/script content to a remote service. In a presentation-to-video workflow, that content can include confidential business, personal, or regulated information, and the script does not present an explicit disclosure or consent step before transmission.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/generate.js:60