Trust Assessment
ai-video-gen received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 23 findings: 6 critical, 9 high, 7 medium, and 1 low severity. Key findings include network egress to untrusted endpoints, unsafe environment variable passthrough, and arbitrary command execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (23)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** Python requests POST/PUT to URL. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hhhh124hhhh/ai-video-gen-tools/generate_video.py:106 |
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hhhh124hhhh/ai-video-gen-tools/add_voiceover.py:70 |
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hhhh124hhhh/ai-video-gen-tools/generate_video.py:180 |
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hhhh124hhhh/ai-video-gen-tools/images_to_video.py:47 |
| CRITICAL | **Credential harvesting.** Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/hhhh124hhhh/ai-video-gen-tools/add_voiceover.py:18 |
| CRITICAL | **Credential harvesting.** Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/hhhh124hhhh/ai-video-gen-tools/generate_video.py:19 |
| HIGH | **Unsafe environment variable passthrough.** Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/hhhh124hhhh/ai-video-gen-tools/add_voiceover.py:18 |
| HIGH | **Unsafe environment variable passthrough.** Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/hhhh124hhhh/ai-video-gen-tools/generate_video.py:19 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'add_audio_to_video'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/hhhh124hhhh/ai-video-gen-tools/add_voiceover.py:70 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'combine_video_audio'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/hhhh124hhhh/ai-video-gen-tools/generate_video.py:180 |
| HIGH | **Potential data exfiltration: file read + network send.** Function 'generate_image_openai' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/hhhh124hhhh/ai-video-gen-tools/generate_video.py:54 |
| HIGH | **Potential data exfiltration: file read + network send.** Function 'generate_image_replicate' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/hhhh124hhhh/ai-video-gen-tools/generate_video.py:81 |
| HIGH | **Potential data exfiltration: file read + network send.** Function 'image_to_video_luma' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/hhhh124hhhh/ai-video-gen-tools/generate_video.py:136 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'images_to_video'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/hhhh124hhhh/ai-video-gen-tools/images_to_video.py:47 |
| HIGH | **FFmpeg concat demuxer path injection and arbitrary file access.** The `images_to_video.py` script constructs a temporary `filelist.txt` for `ffmpeg`'s concat demuxer. Image paths provided by the user are directly embedded into this file using `f"file '{Path(img).absolute()}'\n"` without proper escaping of special characters like single quotes or backslashes. The `ffmpeg` concat demuxer requires these characters to be escaped, making the current implementation vulnerable to parsing errors or unexpected behavior if a malicious path is provided. Furthermore, the `ffmpeg` command is invoked with the `-safe 0` flag, which disables a critical security feature that restricts file access to the current directory or its subdirectories. This combination allows `ffmpeg` to attempt to access and process arbitrary files on the system (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`) if a malicious path is provided as an image input, posing a significant data exfiltration and system integrity risk. 1. **Escape paths**: Before writing to `filelist.txt`, ensure that any single quotes (`'`) and backslashes (`\`) in `Path(img).absolute()` are properly escaped with a backslash, as required by the `ffmpeg` concat demuxer. A helper function should be used for this. 2. **Remove `-safe 0`**: Re-enable `ffmpeg`'s default safe mode by removing the `-safe 0` flag. If access to files outside the current directory is genuinely required, implement strict validation and sanitization of all user-provided paths to prevent arbitrary file access. Consider using a temporary directory for all inputs and outputs to further isolate `ffmpeg` operations. | LLM | images_to_video.py:30 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/hhhh124hhhh/ai-video-gen-tools/generate_video.py:12 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'openai>=1.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/hhhh124hhhh/ai-video-gen-tools/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'replicate>=0.20.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/hhhh124hhhh/ai-video-gen-tools/requirements.txt:2 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'requests>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/hhhh124hhhh/ai-video-gen-tools/requirements.txt:3 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/hhhh124hhhh/ai-video-gen-tools/requirements.txt:4 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'python-dotenv>=1.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/hhhh124hhhh/ai-video-gen-tools/requirements.txt:5 |
| MEDIUM | **Unpinned dependencies in requirements.txt.** The `requirements.txt` file specifies minimum versions for dependencies (e.g., `openai>=1.0.0`) rather than exact versions. This practice can lead to non-deterministic builds, where installing the skill at different times might pull in different versions of libraries. Newer versions could introduce breaking changes, new vulnerabilities, or unexpected behavior, making the skill less stable and harder to audit for security over time. Pin all dependencies to exact versions (e.g., `openai==1.0.0`). Use `pip freeze > requirements.txt` in a known good environment to generate a fully pinned list. Regularly review and update these pinned versions. | LLM | requirements.txt:1 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/hhhh124hhhh/ai-video-gen-tools/package.json |