Scan Report
5 /100
anyvideos
Universal video downloader for YouTube, Twitter, Instagram, Facebook, and 1000+ sites
This is a straightforward video download skill that makes legitimate API calls to an external service using curl and ffmpeg - all behavior is documented in SKILL.md.
Safe to install
No action needed. The skill is a documentation-only file with clear, declared functionality.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | SKILL.md:131 - 'ls -lh output.mp4' to check file size |
| Network | READ | READ | ✓ Aligned | SKILL.md:64 - POST to anyvideos.yx.lu/api/extract |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:119-135 - curl downloads and ffmpeg merges documented |
| Environment | READ | READ | ✓ Aligned | SKILL.md:5-6 - requires ANYVIDEOS_API_KEY |
9 findings
Medium External URL 外部 URL
https://anyvideos.yx.lu SKILL.md:5 Medium External URL 外部 URL
https://anyvideos.yx.lu** SKILL.md:48 Medium External URL 外部 URL
https://anyvideos.yx.lu/api/extract SKILL.md:64 Medium External URL 外部 URL
https://direct-download-link.mp4 SKILL.md:81 Medium External URL 外部 URL
https://thumbnail.jpg SKILL.md:82 Medium External URL 外部 URL
https://anyvideos.yx.lu/dashboard/topup SKILL.md:105 Medium External URL 外部 URL
https://www.youtube.com/watch?v=dQw4w9WgXcQ SKILL.md:186 Medium External URL 外部 URL
https://twitter.com/user/status/123456 SKILL.md:189 Medium External URL 外部 URL
https://www.instagram.com/reel/ABC123/ SKILL.md:192 File Tree
1 files · 6.2 KB · 196 lines Markdown 1f · 196L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no hidden executable code
✓ All network calls are to the declared anyvideos.yx.lu API
✓ Shell commands (curl, ffmpeg) are standard legitimate tools for video processing
✓ API key requirement is explicitly declared in metadata
✓ File operations are limited to downloading and cleanup as documented
✓ No credential harvesting beyond the user-provided API key
✓ No obfuscation, base64 encoding, or suspicious patterns detected
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)