Back to skill

Security audit

Viral Reels Creator

Security checks across malware telemetry and agentic risk

Overview

This video-editing skill is mostly legitimate, but it needs review because it changes the runtime environment and includes unsafe shell-based ffmpeg examples that could execute unintended commands with crafted filenames.

Install only if you are comfortable with a video-editing skill that may install system and Python packages and process local uploaded media. Use an isolated workspace, confirm package installation first, avoid untrusted filenames, and prefer subprocess argument lists over the provided shell=True examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill embeds substantial shell execution capability (`apt-get`, `pip`, `ffmpeg`, `bash`, `python`) but does not declare corresponding permissions or boundaries. That mismatch is dangerous because it can cause an agent to invoke command execution and package installation without clear policy gating, increasing the chance of unauthorized system modification or misuse of uploaded files.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The reference includes Python that builds a shell command from clip filenames and filter text, then executes it with shell=True. If any filename or parameter is influenced by user input, shell metacharacters can trigger command injection, which is broader and more dangerous than a simple transitions reference requires.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The Python example dynamically builds a shell command from a list of clip filenames and filter text, then executes it via the shell. If any filename or transition-related value is influenced by untrusted input, shell metacharacters can break out of the intended ffmpeg invocation and trigger arbitrary command execution; because this skill is designed to process uploaded media, that context makes unsafe command construction more dangerous, not less.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger scope is so broad that it can match many ordinary video-editing requests and effectively auto-route general media tasks into a shell-capable skill. In context, that is risky because this skill performs file operations and command execution, so over-triggering expands the blast radius for accidental or unnecessary access to user assets and system tools.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The fallback condition 'any request involving ffmpeg-based video editing for social media' is ambiguous and effectively open-ended, making unintended activation likely. Because the skill then instructs copying files, running scripts, and writing outputs, an imprecise trigger can lead to unnecessary execution on user-provided media or broader-than-expected filesystem interaction.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill instructs the agent to copy uploaded assets into another working directory and write outputs without explicitly telling the user that file operations will occur. While expected for media editing, the lack of notice and confirmation reduces transparency and can surprise users about where their files are duplicated or stored.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file documents a flash/strobe effect that can produce rapid full-frame luminance changes without any safety warning, usage guidance, or limits. In a short-form video creation skill aimed at social platforms, this increases the likelihood that users will generate content that can trigger photosensitive seizures or harm sensitive viewers.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The reference explicitly includes a flash/strobe animation snippet that can generate rapid bright flashes, but the documentation provides no warning about photosensitive seizure risk or guidance on safe use. In a short-form video creation skill aimed at Reels/TikTok/Shorts, these effects are likely to be used directly in public-facing content, increasing the chance of harm to viewers and creating safety/compliance risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example assembles inputs with f-strings and does not quote or validate filenames before embedding them into a shell command. In a skill that handles uploaded media files and user-supplied clip names, this omission can lead readers or downstream code to reuse an unsafe pattern that permits command injection.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation provides a ready-to-copy example that executes a dynamically constructed ffmpeg command without warning readers that command execution becomes unsafe when inputs are not strictly controlled. In a media-editing skill, users are likely to adapt this pattern to real uploaded filenames and parameters, so the example can propagate insecure practices and lead to command injection in downstream implementations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.