Scan Report
5 /100
tracked-video-analysis
Analyze local or linked video files and convert them into structured summaries of features, functions, workflows, or topics
Legitimate video transcription skill with transparent subprocess usage for ffmpeg/ffprobe and model downloads from HuggingFace, no suspicious behavior detected.
Safe to install
This skill is safe to use. No security concerns requiring action.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md line 17: tmp/video_analysis/ working directory |
| Network | READ | READ | ✓ Aligned | transcribe_tracked_light.mjs:28: Xenova/whisper-tiny from HuggingFace |
| Shell | WRITE | WRITE | ✓ Aligned | transcribe_tracked_light.mjs:34-35: execFileSync for ffmpeg/ffprobe |
| Environment | NONE | NONE | — | No environment variable access observed |
| Skill Invoke | NONE | NONE | — | No skill invocation found |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | No browser automation found |
| Database | NONE | NONE | — | No database access found |
File Tree
4 files · 15.7 KB · 463 lines Markdown 2f · 274L
Python 1f · 120L
JavaScript 1f · 69L
├─
▾
references
│ └─
pipeline.md
Markdown
├─
▾
scripts
│ ├─
final_structurer.py
Python
│ └─
transcribe_tracked_light.mjs
JavaScript
└─
SKILL.md
Markdown
Dependencies 4 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@xenova/transformers | latest | npm | No | Legitimate HuggingFace Transformers port for Node.js |
ffmpeg-static | latest | npm | No | Static ffmpeg binary for video processing |
ffprobe-static | latest | npm | No | Static ffprobe binary for video metadata |
wavefile | latest | npm | No | WAV file processing library |
Security Positives
✓ All subprocess calls are documented in SKILL.md
✓ Model download from HuggingFace is a legitimate AI/ML source
✓ File operations scoped to tmp/video_analysis/ as documented
✓ No credential access or environment variable harvesting
✓ No data exfiltration or C2 communication
✓ No obfuscation or base64-encoded execution
✓ Clean two-stage workflow with explicit status tracking
✓ No remote script execution (curl|bash patterns)
✓ Dependencies (@xenova/transformers, ffmpeg-static, wavefile) are standard ML/video processing tools