中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 0/100
Last scan:19 hr ago Rescan
0 /100
video-knowledge-ingest
Ingest and summarize cross-platform videos into a local knowledge base
This is a legitimate video knowledge ingestion skill that declares all its capabilities clearly in documentation and uses standard tools (yt-dlp, ffmpeg, Whisper, summarize) for their intended purposes without any hidden or malicious behavior.
Skill Namevideo-knowledge-ingest
Duration36.1s
Enginepi
Safe to install
This skill is safe to use. No security concerns identified.
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned SKILL.md declares 'local filesystem — persist transcript, summary, metadata, and…
Network READ READ ✓ Aligned SKILL.md declares 'yt-dlp — resolve metadata, fetch subtitles, or download media…
Shell WRITE WRITE ✓ Aligned SKILL.md declares 'yt-dlp', 'ffmpeg', 'whisper-gpu.sh', 'summarize --cli codex' …
4 findings
🔗
Medium External URL 外部 URL
https://www.youtube.com/watch?v=...
SKILL.md:80
🔗
Medium External URL 外部 URL
https://bilibili.com/video/BV...
SKILL.md:81
🔗
Medium External URL 外部 URL
https://www.xiaohongshu.com/explore/...
SKILL.md:82
🔗
Medium External URL 外部 URL
https://www.bilibili.com/video/...
references/troubleshooting.md:36

File Tree

7 files · 30.2 KB · 882 lines
Python 2f · 541L Markdown 3f · 319L Shell 2f · 22L
├─ 📁 references
│ ├─ 📝 toolchain.md Markdown 86L · 2.1 KB
│ └─ 📝 troubleshooting.md Markdown 116L · 3.3 KB
├─ 📁 scripts
│ ├─ 🐍 video_ingest.py Python 366L · 13.5 KB
│ ├─ 🔧 video-ingest.sh Shell 4L · 151 B
│ ├─ 🐍 whisper_gpu_transcribe.py Python 175L · 5.8 KB
│ └─ 🔧 whisper-gpu.sh Shell 18L · 565 B
└─ 📝 SKILL.md Markdown 117L · 4.8 KB

Security Positives

✓ All capabilities declared in SKILL.md match actual implementation
✓ Uses standard, well-known tools (yt-dlp, ffmpeg, faster-whisper) for documented purposes
✓ No credential harvesting or sensitive data exfiltration observed
✓ No obfuscation techniques (base64, eval, atob) detected
✓ No remote code execution patterns (curl|bash, wget|sh) found
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env) detected
✓ Proper subprocess handling with explicit command lists (no shell=True)
✓ URL parsing and normalization is well-structured with proper sanitization
✓ Documentation is thorough and accurate