Back to skill

Security audit

Mp4 To Gif

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local MP4-to-GIF converter, with the main caution that it can overwrite an existing GIF output file.

Install ffmpeg from a trusted source and choose the output filename carefully, because an existing GIF at that path may be overwritten. The skill otherwise appears limited to local file conversion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script invokes ffmpeg with the `-y` flag and writes directly to the chosen output path, which will overwrite an existing GIF without prompting. In an agent skill context, output paths may be user-supplied or inferred automatically, so this can cause unintended data loss by replacing an existing file silently.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.