视频运镜分析工具

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a video analysis and prompt-writing helper; the flagged issues are usability and consent concerns, not evidence of malicious behavior.

Install this if you want help analyzing videos and turning the analysis into AI prompts. Be explicit about when to use the skill and specify your preferred output language if you do not want English.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill declares very broad trigger phrases such as '分析这个视频' and '帮我拆镜', which can overlap with ordinary user requests about video analysis and cause the skill to activate unexpectedly. Over-broad activation can route unrelated user content to this skill, creating consent, privacy, and mis-execution risks, especially because it processes uploaded video files automatically.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill description states that it generates English AI prompts by default, without indicating user choice or opt-in. This can conflict with user expectations, language preferences, or downstream workflows, and may cause unintended data transformation rather than preserving the user's requested language.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal