Scan Report
0 /100
oatda-video-status
Check the status of an asynchronous video generation task from OATDA
A straightforward video task status checker that reads a declared credentials file and calls a legitimate API endpoint using curl. No hidden functionality, obfuscation, or suspicious patterns detected.
Safe to install
Skill is safe to use. Ensure ~/.oatda/credentials.json permissions are restricted to the user only.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md reads ~/.oatda/credentials.json for API key |
| Network | READ | READ | ✓ Aligned | SKILL.md makes GET requests to https://oatda.com/api/v1/llm/video-status/<TASK_I… |
5 findings
Medium External URL 外部 URL
https://oatda.com SKILL.md:4 Medium External URL 外部 URL
https://oatda.com/api/v1/llm/video-status/ SKILL.md:40 Medium External URL 外部 URL
https://cdn.example.com/video.mp4 SKILL.md:52 Medium External URL 外部 URL
https://cdn.example.com/video-direct.mp4 SKILL.md:53 Medium External URL 外部 URL
https://oatda.com/api/v1/llm/video-status/minimax-T2V01-abc123 SKILL.md:88 File Tree
1 files · 3.6 KB · 101 lines Markdown 1f · 101L
└─
SKILL.md
Markdown
Security Positives
✓ No obfuscation (no base64, eval, or encoded strings)
✓ All network calls use domain names, not raw IPs
✓ No credential exfiltration - only reads local config file
✓ Simple GET request pattern - no suspicious POST payloads
✓ No hidden instructions in HTML comments or elsewhere
✓ No shell execution beyond declared curl/jq commands
✓ Credential access is explicitly declared and necessary for functionality