Back to skill

Security audit

Skill Tiktok Video Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a plausible TikTok video-generation skill, but it needs review because it runs user-influenced shell commands and has under-declared external skill dependencies.

Install only in a contained workspace and do not pass untrusted captions, model names, language values, product IDs, or file paths. Prefer waiting for a version that replaces bash -lc with argument-array subprocess calls, validates ffmpeg filter values, and clearly declares all external skill dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
]

    print(f"Running ffmpeg overlay...")
    result = subprocess.run(cmd, capture_output=True, text=True)
    if result.returncode != 0:
        print(f"ERROR:\n{result.stderr}", file=sys.stderr)
        sys.exit(result.returncode)
Confidence
82% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True)

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill description materially understates behavior by documenting a simple Veo/script pipeline while also referencing image-based generation, alternate generation backends/fallbacks, slow-motion processing, and product-config driven behavior. This mismatch is dangerous because operators may authorize or run the skill under false assumptions, increasing the chance of unexpected external API use, undisclosed file access, or unreviewed processing paths.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The helper runs dynamically constructed command strings through `bash -lc`, which expands shell metacharacters and turns otherwise ordinary user-controlled values into executable shell syntax. In this file, inputs such as `--veo-model`, numeric `--segments`, and other interpolated arguments are inserted into shell commands, so an attacker can achieve command injection and execute arbitrary programs with the agent's privileges.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/generate.js:71