Trust Assessment
ai-video-gen received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 24 findings: 7 critical, 8 high, 6 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Unsafe environment variable passthrough, Arbitrary command execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (24)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. Python requests POST/PUT to URL. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/rhanbourinajd/ai-video-gen/generate_video.py:106 |
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/rhanbourinajd/ai-video-gen/add_voiceover.py:70 |
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/rhanbourinajd/ai-video-gen/generate_video.py:180 |
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/rhanbourinajd/ai-video-gen/images_to_video.py:47 |
| CRITICAL | Credential harvesting. Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/rhanbourinajd/ai-video-gen/add_voiceover.py:18 |
| CRITICAL | Credential harvesting. Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/rhanbourinajd/ai-video-gen/generate_video.py:19 |
| CRITICAL | Command Injection via FFmpeg -safe 0 with user-controlled file list. The `images_to_video.py` script constructs a file list (`filelist.txt`) containing user-provided image paths. This file list is then passed to `ffmpeg` using the `-f concat -safe 0` options. The `-safe 0` flag explicitly disables safety checks for the concat demuxer, allowing special characters in filenames to be interpreted by FFmpeg. If a malicious user provides an image path containing characters like single quotes, semicolons, or other shell metacharacters (e.g., `image.png'; rm -rf / #`), these can break out of the quoted path in the file list and inject arbitrary FFmpeg commands or even shell commands, leading to remote code execution. Sanitize user-provided image paths before writing them to `filelist.txt`. A robust solution would be to escape all special characters or, even better, avoid using `-safe 0` and ensure paths are properly quoted and handled by `ffmpeg`'s default safe mode. If `-safe 0` is strictly necessary, implement rigorous input validation and escaping for all path components written to the file list. Consider using `shlex.quote()` if paths are to be interpreted by a shell, though for `ffmpeg`'s concat demuxer, careful escaping of single quotes and other special characters within the file list itself is paramount. | LLM | images_to_video.py:30 |
| HIGH | Unsafe environment variable passthrough. Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/rhanbourinajd/ai-video-gen/add_voiceover.py:18 |
| HIGH | Unsafe environment variable passthrough. Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/rhanbourinajd/ai-video-gen/generate_video.py:19 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'add_audio_to_video'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/rhanbourinajd/ai-video-gen/add_voiceover.py:70 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'combine_video_audio'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/rhanbourinajd/ai-video-gen/generate_video.py:180 |
| HIGH | Potential data exfiltration: file read + network send. Function 'generate_image_openai' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/rhanbourinajd/ai-video-gen/generate_video.py:54 |
| HIGH | Potential data exfiltration: file read + network send. Function 'generate_image_replicate' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/rhanbourinajd/ai-video-gen/generate_video.py:81 |
| HIGH | Potential data exfiltration: file read + network send. Function 'image_to_video_luma' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/rhanbourinajd/ai-video-gen/generate_video.py:136 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'images_to_video'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/rhanbourinajd/ai-video-gen/images_to_video.py:47 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/rhanbourinajd/ai-video-gen/generate_video.py:12 |
| MEDIUM | Unpinned Python dependency version. Requirement 'openai>=1.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/rhanbourinajd/ai-video-gen/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version. Requirement 'replicate>=0.20.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/rhanbourinajd/ai-video-gen/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version. Requirement 'requests>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/rhanbourinajd/ai-video-gen/requirements.txt:3 |
| MEDIUM | Unpinned Python dependency version. Requirement 'pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/rhanbourinajd/ai-video-gen/requirements.txt:4 |
| MEDIUM | Unpinned Python dependency version. Requirement 'python-dotenv>=1.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/rhanbourinajd/ai-video-gen/requirements.txt:5 |
| LOW | Subprocess execution with user-controlled paths. The `add_voiceover.py` and `generate_video.py` scripts execute `ffmpeg` using `subprocess.run` with arguments that include user-controlled file paths (e.g., `video_path`, `audio_path`, `output_path`). While `subprocess.run` with a list of arguments is generally safer than a shell string, a highly sophisticated attack involving specially crafted filenames could potentially exploit vulnerabilities in `ffmpeg`'s parsing of these paths, though the risk is low given standard `ffmpeg` behavior. Implement strict validation and sanitization for all user-provided file paths, even when passed as list arguments to `subprocess.run`. Ensure paths conform to expected formats and do not contain unexpected characters. While the risk is low, it's good practice to minimize any potential for command manipulation. | LLM | add_voiceover.py:34 |
| INFO | Access to API Keys via Environment Variables. The skill accesses multiple API keys (OPENAI_API_KEY, REPLICATE_API_TOKEN, LUMAAI_API_KEY, RUNWAY_API_KEY, ELEVENLABS_API_KEY) from environment variables or `.env` files. This is standard practice for skill functionality but highlights the skill's reliance on and access to sensitive credentials. Ensure API keys are stored securely (e.g., in a secrets manager) and accessed with the principle of least privilege. Avoid hardcoding keys directly in code. This finding is informational as it's necessary for the skill's operation. | LLM | generate_video.py:14 |
| INFO | Unpinned dependencies in requirements.txt. The `requirements.txt` file specifies minimum versions for dependencies (e.g., `openai>=1.0.0`) rather than exact versions. This can lead to non-deterministic builds, where installing the skill at different times might pull in different versions of libraries. Newer versions could introduce breaking changes, security vulnerabilities, or unexpected behavior not present in the version the skill was developed against. Pin all dependencies to exact versions (e.g., `openai==1.14.0`) to ensure reproducible installations. Use a tool like `pip freeze > requirements.txt` after developing and testing the skill in a clean environment, or manually specify exact versions. Regularly audit and update dependencies to mitigate known vulnerabilities. | LLM | requirements.txt:1 |