扫描报告
5 /100
tracked-video-analysis
Analyze local or linked video files and convert them into structured summaries of features, functions, workflows, or topics
Legitimate video transcription skill with transparent subprocess usage for ffmpeg/ffprobe and model downloads from HuggingFace, no suspicious behavior detected.
可以安装
This skill is safe to use. No security concerns requiring action.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md line 17: tmp/video_analysis/ working directory |
| 网络访问 | READ | READ | ✓ 一致 | transcribe_tracked_light.mjs:28: Xenova/whisper-tiny from HuggingFace |
| 命令执行 | WRITE | WRITE | ✓ 一致 | transcribe_tracked_light.mjs:34-35: execFileSync for ffmpeg/ffprobe |
| 环境变量 | NONE | NONE | — | No environment variable access observed |
| 技能调用 | NONE | NONE | — | No skill invocation found |
| 剪贴板 | NONE | NONE | — | No clipboard access found |
| 浏览器 | NONE | NONE | — | No browser automation found |
| 数据库 | NONE | NONE | — | No database access found |
目录结构
4 文件 · 15.7 KB · 463 行 Markdown 2f · 274L
Python 1f · 120L
JavaScript 1f · 69L
├─
▾
references
│ └─
pipeline.md
Markdown
├─
▾
scripts
│ ├─
final_structurer.py
Python
│ └─
transcribe_tracked_light.mjs
JavaScript
└─
SKILL.md
Markdown
依赖分析 4 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@xenova/transformers | latest | npm | 否 | Legitimate HuggingFace Transformers port for Node.js |
ffmpeg-static | latest | npm | 否 | Static ffmpeg binary for video processing |
ffprobe-static | latest | npm | 否 | Static ffprobe binary for video metadata |
wavefile | latest | npm | 否 | WAV file processing library |
安全亮点
✓ All subprocess calls are documented in SKILL.md
✓ Model download from HuggingFace is a legitimate AI/ML source
✓ File operations scoped to tmp/video_analysis/ as documented
✓ No credential access or environment variable harvesting
✓ No data exfiltration or C2 communication
✓ No obfuscation or base64-encoded execution
✓ Clean two-stage workflow with explicit status tracking
✓ No remote script execution (curl|bash patterns)
✓ Dependencies (@xenova/transformers, ffmpeg-static, wavefile) are standard ML/video processing tools