Trusted — Risk Score 5/100
Last scan: 2 days ago
auto-video-cut
Douyin/video auto-editing Skill - automatically identifies filler talk and silent segments in a video and generates a rough-cut version
Video auto-editing skill using FFmpeg and Whisper for silence detection and segment scoring. All capabilities are legitimate, documented, and necessary for the stated purpose. No malicious indicators found.
Skill Name: auto-video-cut
Duration: 28.0s
Engine: pi
Safe to install
Approve for use. All subprocess calls are for documented CLI tools (FFmpeg, Whisper). File operations scoped to user-provided output directories. No credential access or data exfiltration detected.

Findings 2 items

| Severity | Finding | Location |
|---|---|---|
| Low | Version mismatch between filename and internal version. The file is named video_editor_auto_v4.6.py but the script header and reports reference v4.7. This is cosmetic only and poses no security risk. Evidence: "Video Auto Editor v4.7". → Rename file to match version (v4.7) or update internal version string for consistency. | video_editor_auto_v4.6.py:1 |
| Info | openai-whisper dependency version not pinned. requirements.txt contains only 'openai-whisper' without a version constraint. While this is a known package, version pinning would improve reproducibility. Evidence: "openai-whisper". → Pin to a specific version, e.g., openai-whisper==20231117 | requirements.txt:1 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | video_editor_auto_v4.6.py:85 - subprocess.run(ffmpeg/ffprobe) |
| Filesystem | READ | READ | ✓ Aligned | video_editor_auto_v4.6.py - reads input video, writes output/md reports |
| Filesystem | WRITE | WRITE | ✓ Aligned | video_editor_auto_v4.6.py - clip output, reports |
| Network | NONE | NONE | | No network calls detected |
| Environment | NONE | NONE | | No os.environ iteration for secrets |
| Skill Invoke | NONE | NONE | | No skill_invoke calls |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database access |

1 finding
Medium External URL
https://ffmpeg.org/download.html
SKILL.md:37

File Tree

10 files · 29.2 KB · 730 lines
Python 1f · 629L Markdown 1f · 87L Text 8f · 14L
├─ 📁 video_work
│ ├─ 📁 VID_20260318_064448
│ │ ├─ 📄 segment_0.txt Text 3L · 57 B
│ │ ├─ 📄 segment_1.txt Text 2L · 68 B
│ │ ├─ 📄 segment_2.txt Text 1L · 22 B
│ │ ├─ 📄 segment_4.txt Text 2L · 74 B
│ │ └─ 📄 segment_5.txt Text 3L · 84 B
│ └─ 📁 VID_20260318_064448_clip
│ ├─ 📄 segment_0.txt Text 1L · 4 B
│ └─ 📄 segment_1.txt Text 1L · 25 B
├─ 📄 requirements.txt Text 1L · 15 B
├─ 📝 SKILL.md Markdown 87L · 2.0 KB
└─ 🐍 video_editor_auto_v4.6.py Python 629L · 26.9 KB

Dependencies 1 item

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| openai-whisper | * | pip | No | Version not pinned - minor reproducibility concern |

Security Positives

✓ No credential harvesting - no access to ~/.ssh, ~/.aws, .env, or os.environ key iteration
✓ No data exfiltration - no external IP connections, no network POSTs of any kind
✓ No obfuscation techniques - no base64, no eval, no atob patterns
✓ No remote script execution - no curl|bash or wget|sh patterns
✓ No hidden instructions in HTML comments or elsewhere
✓ All subprocess calls are for documented, publicly-known CLI tools (FFmpeg, Whisper)
✓ File I/O scoped entirely to user-specified input/output directories
✓ Code is readable and well-structured with clear separation of concerns
✓ No sensitive file paths accessed (no ~/.ssh, ~/.aws, .env traversal)