扫描报告
0 /100
volcengine-ai-mediakit
火山引擎 AI MediaKit 音视频处理 Skill - Video/audio processing via Volcengine VOD APIs
Volcengine AI MediaKit skill is a legitimate video/audio processing tool that makes standard API calls to Volcengine VOD services with no malicious behavior detected.
可以安装
This skill is safe to use. Continue following standard security practices with credential management.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | upload_media.py:40 - Only reads files from workspace/, userdata/, /tmp with expl… |
| 网络访问 | WRITE | WRITE | ✓ 一致 | All requests go to vod.volcengineapi.com and Volcengine TOS storage endpoints |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found |
| 环境变量 | READ | READ | ✓ 一致 | Only reads VOLCENGINE_* credential variables for API auth |
| 技能调用 | READ | READ | ✓ 一致 | Standard skill invocation pattern |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
15 项发现
中危 外部 URL 外部 URL
https://www.volcengine.com/docs/4/76542?lang=zh references/00-billing-instructions.md:5 中危 外部 URL 外部 URL
https://www.volcengine.com/docs/4/1941016?lang=zh references/00-billing-instructions.md:7 中危 外部 URL 外部 URL
https://www.volcengine.com/docs/4/1941013?lang=zh references/00-billing-instructions.md:8 中危 外部 URL 外部 URL
https://www.volcengine.com/docs/4/177122 references/00-billing-instructions.md:10 中危 外部 URL 外部 URL
https://www.volcengine.com/docs/4/1941015?lang=zh references/00-billing-instructions.md:10 中危 外部 URL 外部 URL
https://www.volcengine.com/docs/4/76542?lang=zh#%E5%AD%98%E5%82%A8%E6%B5%81%E5%87%BA references/00-billing-instructions.md:11 中危 外部 URL 外部 URL
https://cdn.example.com/output.mp4 references/01-stitching.md:48 中危 外部 URL 外部 URL
https://cdn.example.com/output.m4a references/07-extract-audio.md:22 中危 外部 URL 外部 URL
https://cdn.example.com/voice.m4a references/10-voice-separation.md:23 中危 外部 URL 外部 URL
https://cdn.example.com/bg.m4a references/10-voice-separation.md:24 中危 外部 URL 外部 URL
https://cdn.example.com/segment_001.mp4 references/19-intelligent-slicing.md:24 中危 外部 URL 外部 URL
https://cdn.example.com/output.webm references/20-portrait-matting.md:24 中危 外部 URL 外部 URL
https://xxx.volcvod.com/xxx.mp4 references/22-comic-style.md:58 中危 外部 URL 外部 URL
https://www.volcengine.com/docs/4/1941013#%E8%A7%86%E9%A2%91-ai-%E5%BA%94%E7%94%A8 references/24-video-translation.md:73 中危 外部 URL 外部 URL
https://cdn.example.com/xxx/video.mp4?auth=xxx references/27-get-media-info.md:41 目录结构
69 文件 · 237.3 KB · 6859 行 Python 38f · 4574L
Markdown 30f · 2268L
Text 1f · 17L
├─
▾
references
│ ├─
00-billing-instructions.md
Markdown
│ ├─
00-detail.md
Markdown
│ ├─
01-stitching.md
Markdown
│ ├─
02-clipping.md
Markdown
│ ├─
03-flip.md
Markdown
│ ├─
04-speedup.md
Markdown
│ ├─
05-image-to-video.md
Markdown
│ ├─
06-compile.md
Markdown
│ ├─
07-extract-audio.md
Markdown
│ ├─
08-mix-audios.md
Markdown
│ ├─
09-add-sub-video.md
Markdown
│ ├─
10-voice-separation.md
Markdown
│ ├─
11-noise-reduction.md
Markdown
│ ├─
12-quality-enhance.md
Markdown
│ ├─
13-super-resolution.md
Markdown
│ ├─
14-interlacing.md
Markdown
│ ├─
15-asr-speech-to-text.md
Markdown
│ ├─
16-ocr-text-extract.md
Markdown
│ ├─
17-subtitle-removal.md
Markdown
│ ├─
18-add-subtitle.md
Markdown
│ ├─
19-intelligent-slicing.md
Markdown
│ ├─
20-portrait-matting.md
Markdown
│ ├─
21-green-screen.md
Markdown
│ ├─
22-comic-style.md
Markdown
│ ├─
23-highlight.md
Markdown
│ ├─
24-video-translation.md
Markdown
│ ├─
25-drama-recap.md
Markdown
│ ├─
26-drama-script.md
Markdown
│ └─
27-get-media-info.md
Markdown
├─
▾
scripts
│ ├─
add_subtitle.py
Python
│ ├─
api_manage.py
Python
│ ├─
asr_speech_to_text.py
Python
│ ├─
clipping.py
Python
│ ├─
comic_style.py
Python
│ ├─
compile.py
Python
│ ├─
drama_recap.py
Python
│ ├─
drama_script.py
Python
│ ├─
extract_audio.py
Python
│ ├─
flip.py
Python
│ ├─
get_media_info.py
Python
│ ├─
green_screen.py
Python
│ ├─
highlight.py
Python
│ ├─
image_to_video.py
Python
│ ├─
intelligent_slicing.py
Python
│ ├─
interlacing.py
Python
│ ├─
list_translation.py
Python
│ ├─
log_utils.py
Python
│ ├─
mix_audios.py
Python
│ ├─
noise_reduction.py
Python
│ ├─
ocr_text_extract.py
Python
│ ├─
poll_media.py
Python
│ ├─
poll_translation.py
Python
│ ├─
poll_vcreative.py
Python
│ ├─
portrait_matting.py
Python
│ ├─
quality_enhance.py
Python
│ ├─
speedup.py
Python
│ ├─
stitching.py
Python
│ ├─
subtitle_removal.py
Python
│ ├─
super_resolution.py
Python
│ ├─
upload_media.py
Python
│ ├─
video_translation.py
Python
│ ├─
vod_api_constants.py
Python
│ ├─
vod_common.py
Python
│ ├─
vod_local_upload.py
Python
│ ├─
vod_transport.py
Python
│ ├─
voice_separation.py
Python
│ └─
volc_request.py
Python
├─
LICENSE.txt
Text
└─
SKILL.md
Markdown
依赖分析 2 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
requests | * | pip | 否 | Version not pinned - consider pinning for reproducibility |
python-dotenv | * | pip | 否 | Version not pinned - consider pinning for reproducibility |
安全亮点
✓ No shell execution vectors (subprocess, os.system, popen, exec, eval, base64)
✓ No credential harvesting beyond documented Volcengine API keys
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env exfiltration)
✓ No data exfiltration to third-party endpoints
✓ All network requests target official Volcengine VOD APIs only
✓ File upload has explicit path whitelist validation (workspace/, userdata/, /tmp)
✓ Comprehensive SKILL.md documentation matching implementation
✓ No hidden instructions, obfuscation, or concealed behavior
✓ Proper HMAC signature authentication for API requests
✓ No eval() or dynamic code execution