中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 0/100
Last scan:2 days ago Rescan
0 /100
reelsmith
Create short-form vertical video packages, preview reels, narrated reels, and AI-video workflows
Reelsmith is a legitimate video content creation skill that uses standard tools (ffmpeg subprocess, OpenAI API, LTX API) for video preview generation, TTS narration, and AI video synthesis. All capabilities are properly documented in SKILL.md.
Skill Namereelsmith
Duration21.5s
Enginepi
Safe to install
This skill is safe to use. The declared permissions (shell:WRITE via ffmpeg subprocess, filesystem:WRITE for temp/output files, network:READ via API calls) align with its documented video production functionality.
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned All scripts write to temp dirs and output paths; all documented in SKILL.md
Shell WRITE WRITE ✓ Aligned subprocess.run calls to ffmpeg in make_reel_preview.py, make_reel_preview_with_o…
Network READ READ ✓ Aligned POST to ltx.video API (ltx_text_to_video.py), OpenAI API calls (openai_tts.py) -…
Environment READ READ ✓ Aligned OPENAI_API_KEY and LTX_API_KEY only; documented in SKILL.md
1 findings
🔗
Medium External URL 外部 URL
https://api.ltx.video/v1/text-to-video
scripts/ltx_text_to_video.py:8

File Tree

7 files · 18.0 KB · 583 lines
Python 6f · 346L Markdown 1f · 237L
├─ 📁 scripts
│ ├─ 🐍 ltx_text_to_video.py Python 45L · 1.2 KB
│ ├─ 🐍 make_reel_preview_with_opener.py Python 66L · 2.5 KB
│ ├─ 🐍 make_reel_preview.py Python 60L · 2.2 KB
│ ├─ 🐍 make_visual_reel_preview.py Python 115L · 3.9 KB
│ ├─ 🐍 mux_reel_audio.py Python 21L · 549 B
│ └─ 🐍 openai_tts.py Python 39L · 1.0 KB
└─ 📝 SKILL.md Markdown 237L · 6.6 KB

Security Positives

✓ All capabilities declared in SKILL.md match actual implementation
✓ No obfuscation, base64, or encoded payloads found
✓ No credential exfiltration - API keys only used for authenticated API calls
✓ No sensitive path access (~/.ssh, ~/.aws, .env) beyond declared env vars
✓ No reverse shells, C2, or data theft patterns
✓ subprocess usage is limited to ffmpeg for legitimate video processing
✓ API endpoints are well-known services (ltx.video, api.openai.com)
✓ Temporary files created in system temp directory with prefixes
✓ No unsigned/unversioned external dependencies