Security checks across malware telemetry and agentic risk
The skill appears to do video parsing and transcription as described, but it needs review because it can fetch loosely validated URLs, upload extracted audio to SiliconFlow, and retain media/transcripts locally.
Install only if you are comfortable with the skill contacting video platforms, sending extracted audio to SiliconFlow for transcription, and storing generated reports and temporary media locally. Avoid using it on untrusted or attacker-supplied links until URL allowlisting and redirect validation are tightened, and enable temp cleanup for sensitive content.
data = {
"model": model
}
response = requests.post(DEFAULT_API_BASE_URL, headers=headers, files=files, data=data, timeout=600)
response.raise_for_status()
result = response.json()# 示例: parse_api_url=http://ip:8000/video/share/url/parse?url= parse_api_url= # SiliconFlow ASR API 地址 (可选,默认: https://api.siliconflow.cn/v1/audio/transcriptions) siliconflow_api_url=https://api.siliconflow.cn/v1/audio/transcriptions # 是否自动清理临时文件 (可选,默认: false)
parse_api_url= # SiliconFlow ASR API 地址 (可选,默认: https://api.siliconflow.cn/v1/audio/transcriptions) siliconflow_api_url=https://api.siliconflow.cn/v1/audio/transcriptions # 是否自动清理临时文件 (可选,默认: false) # true: 自动删除临时文件(视频和音频)
60/60 vendors flagged this skill as clean.