Skill Trust Decision

video-to-text

Name: video-to-text Trust Review Report
Item: video-to-text
Rating: 55
Author: ClawSafe

The skill has significant doc-to-code mismatch with undeclared shell execution via execSync and undeclared filesystem writes, though the underlying functionality appears legitimate for video transcription.

Install decision first Source: Manual upload Scanned: Apr 3, 2026

Files 6

Artifacts 4

Violations 2

Findings 4

Most direct threat evidence

Why this conclusion was reached

1/4 dimensions flagged

Block

Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review

Hidden execution and egress

4 lower-risk artifacts were extracted and still need context.

Pass

Attack chain and severe findings

There is no explicit malicious chain in the report.

Pass

Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

Undeclared shell execution +20

SKILL.md does not mention execSync usage in tool.js; only declares the video_to_text tool interface

Undeclared filesystem writes +10

Downloads files to os.tmpdir() without declaring filesystem:WRITE capability

Command injection risk pattern +10

execSync(args.join(' ')) pattern is dangerous; args are joined to string before execution

Hidden credential handling +5

Python script accepts --api-key for AssemblyAI but not declared in SKILL.md

Most important evidence

Medium

Undeclared subprocess execution via execSync

tool.js uses child_process.execSync() to execute shell commands but SKILL.md only declares the tool interface without mentioning this implementation detail.

tool.js:24

Declare shell:WRITE capability in _meta.json tools section, or refactor to use child_process.spawn() with explicit argument arrays to avoid string injection risk.

Medium

Command injection risk pattern

The execSync(args.join(' ')) pattern joins array elements into a single string before execution. While currently safe (URLs are passed as separate array items), this pattern is fragile and could become exploitable if parameters are modified.

tool.js:24

Use child_process.spawn() with explicit argument array instead of execSync with string joining.

Low

Undeclared filesystem write to temp directory

index.js downloads files to os.tmpdir() using fs.createWriteStream but this filesystem:WRITE usage is not declared in SKILL.md.

index.js:44

Add filesystem:WRITE to declared capabilities in _meta.json or document this behavior in SKILL.md.

Low

Hidden credential parameter in Python script

scripts/video2text.py accepts --api-key parameter for AssemblyAI but this capability is not documented in SKILL.md.

scripts/video2text.py:64

Document API key support in SKILL.md or remove if not needed.

Declared capability vs actual capability

Network Pass

Declared READ

→

Inferred READ

SKILL.md mentions API calls to api.myshell.ai and api.openai.com

Shell Block

Declared NONE

→

Inferred WRITE

tool.js:24 - execSync(args.join(' '))

Filesystem Block

Declared NONE

→

Inferred WRITE

index.js:44 - fs.createWriteStream(tempFile), index.js:103 - fs.unlink()

Environment Pass

Declared NONE

→

Inferred NONE

No os.environ access detected

Suspicious artifacts and egress

Medium External URL

https://api.myshell.ai/v1/audio/transcriptions

SKILL.md:53

Medium External URL

https://api.assemblyai.com/v2/upload

scripts/video2text.py:49

Medium External URL

https://api.assemblyai.com/v2/transcript

scripts/video2text.py:58

Medium External URL

https://api.assemblyai.com/v2/transcript/

scripts/video2text.py:69

Dependencies and supply chain

Package	Version	Source	Known vuln	Notes
node	`system`	system	No	Required runtime, no vulnerability scanning applicable

File composition

6 files · 602 lines

JavaScript 2 files · 328 linesPython 1 files · 141 linesJSON 2 files · 70 linesMarkdown 1 files · 63 lines

Files of concern · 4

index.js JavaScript · 252 lines

Undeclared filesystem write to temp directory

scripts/video2text.py Python · 141 lines

Hidden credential parameter in Python script · https://api.assemblyai.com/v2/upload · https://api.assemblyai.com/v2/transcript · https://api.assemblyai.com/v2/transcript/

SKILL.md Markdown · 63 lines

https://api.myshell.ai/v1/audio/transcriptions

tool.js JavaScript · 76 lines

Undeclared subprocess execution via execSync · Command injection risk pattern

Other files · _meta.json · package.json

Security positives

No evidence of credential exfiltration or data theft

No base64-encoded payloads or obfuscated code

No attempts to access ~/.ssh, ~/.aws, or other sensitive paths

No curl|bash remote script execution

No hidden instructions in comments or HTML

Legitimate video transcription functionality with documented API endpoints

Proper file cleanup after processing (fs.unlink)