中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
auto-video-cut
抖音/视频自动剪辑Skill - 自动识别视频中的废话、沉默片段,生成粗剪版本
Video auto-editing skill using FFmpeg and Whisper for silence detection and segment scoring. All capabilities are legitimate, documented, and necessary for the stated purpose. No malicious indicators found.
技能名称auto-video-cut
分析耗时28.0s
引擎pi
可以安装
Approve for use. All subprocess calls are for documented CLI tools (FFmpeg, Whisper). File operations scoped to user-provided output directories. No credential access or data exfiltration detected.

安全发现 2 项

严重性 安全发现 位置
低危
Version mismatch between filename and internal version
The file is named video_editor_auto_v4.6.py but the script header and reports reference v4.7. This is cosmetic only and poses no security risk.
Video Auto Editor v4.7
→ Rename file to match version (v4.7) or update internal version string for consistency.
 video_editor_auto_v4.6.py:1
提示
openai-whisper dependency version not pinned
requirements.txt contains only 'openai-whisper' without a version constraint. While this is a known package, version pinning would improve reproducibility.
openai-whisper
→ Pin to a specific version, e.g., openai-whisper==20231117
 requirements.txt:1
资源类型声明权限推断权限状态证据
命令执行 WRITE WRITE ✓ 一致 video_editor_auto_v4.6.py:85 - subprocess.run(ffmpeg/ffprobe)
文件系统 READ READ ✓ 一致 video_editor_auto_v4.6.py - reads input video, writes output/md reports
文件系统 WRITE WRITE ✓ 一致 video_editor_auto_v4.6.py - clip output, reports
网络访问 NONE NONE No network calls detected
环境变量 NONE NONE No os.environ iteration for secrets
技能调用 NONE NONE No skill_invoke calls
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE No browser automation
数据库 NONE NONE No database access
1 项发现
🔗
中危 外部 URL 外部 URL
https://ffmpeg.org/download.html
SKILL.md:37

目录结构

10 文件 · 29.2 KB · 730 行
Python 1f · 629L Markdown 1f · 87L Text 8f · 14L
├─ 📁 video_work
│ ├─ 📁 VID_20260318_064448
│ │ ├─ 📄 segment_0.txt Text 3L · 57 B
│ │ ├─ 📄 segment_1.txt Text 2L · 68 B
│ │ ├─ 📄 segment_2.txt Text 1L · 22 B
│ │ ├─ 📄 segment_4.txt Text 2L · 74 B
│ │ └─ 📄 segment_5.txt Text 3L · 84 B
│ └─ 📁 VID_20260318_064448_clip
│ ├─ 📄 segment_0.txt Text 1L · 4 B
│ └─ 📄 segment_1.txt Text 1L · 25 B
├─ 📄 requirements.txt Text 1L · 15 B
├─ 📝 SKILL.md Markdown 87L · 2.0 KB
└─ 🐍 video_editor_auto_v4.6.py Python 629L · 26.9 KB

依赖分析 1 项

包名版本来源已知漏洞备注
openai-whisper * pip Version not pinned - minor reproducibility concern

安全亮点

✓ No credential harvesting - no access to ~/.ssh, ~/.aws, .env, or os.environ key iteration
✓ No data exfiltration - no external IP connections, no network POSTs of any kind
✓ No obfuscation techniques - no base64, no eval, no atob patterns
✓ No remote script execution - no curl|bash or wget|sh patterns
✓ No hidden instructions in HTML comments or elsewhere
✓ All subprocess calls are for documented, publicly-known CLI tools (FFmpeg, Whisper)
✓ File I/O scoped entirely to user-specified input/output directories
✓ Code is readable and well-structured with clear separation of concerns
✓ No sensitive file paths accessed (no ~/.ssh, ~/.aws, .env traversal)