Back to skill

Security audit

Byted Las Video Edit

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the promised video clipping, but its setup automatically installs a remote SDK and one helper executes a local .env file as shell code, so it should be reviewed before use.

Install only if you trust the publisher and Volcengine SDK source. Review scripts/env_init.sh before running it, consider pinning/verifying the SDK wheel yourself, and avoid placing executable shell content in the project .env. Use a limited LAS API key, confirm the estimated cost before submission, and remember that local videos or reference images may be uploaded to Volcengine/TOS for processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script downloads a remote manifest and automatically upgrades/install an SDK from a remote wheel during environment initialization, without pinning trust via checksum/signature verification or requiring explicit approval. This creates a supply-chain execution path: if the remote host, manifest, or package is tampered with, arbitrary code can be introduced into the user's environment simply by sourcing the init script.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script performs a silent remote fetch and package installation/upgrade with no explicit warning or consent, so users who only expect local environment setup may unknowingly trigger network activity and code changes. Because pip-installed packages can execute code during installation and later at runtime, this materially increases the risk of covert supply-chain compromise and unexpected environment mutation.

Credential Access

High
Category
Privilege Escalation
Content
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../../.." && pwd)"

if [ -f "${PROJECT_ROOT}/.env" ]; then
  source "${PROJECT_ROOT}/.env"
  export LAS_API_KEY LAS_REGION
fi
Confidence
84% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../../.." && pwd)"

if [ -f "${PROJECT_ROOT}/.env" ]; then
  source "${PROJECT_ROOT}/.env"
  export LAS_API_KEY LAS_REGION
fi
Confidence
84% confidence
Finding
.env"

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.