Scan Report
5 /100
video-narration
Generate narration for silent screen-recording videos using Microsoft Edge neural TTS
Legitimate video narration skill that extracts frames, generates TTS via Microsoft Edge API, and merges audio—all declared and appropriate for the stated purpose.
Safe to install
No security action required. This is a safe, documented video processing tool.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned edge-tts dependency Supply Chain | SKILL.md:85 |
| Info | Missing allowed-tools section Doc Mismatch | SKILL.md:1 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | extract-frames.sh creates output directories and writes frame images |
| Shell | READ | READ | ✓ Aligned | Scripts invoke ffmpeg and python3 for video/audio processing |
| Network | READ | READ | ✓ Aligned | edge-tts calls Microsoft Edge TTS API (edge-tts.azurewebsites.net) |
| Environment | NONE | NONE | — | No environment variable access observed |
File Tree
4 files · 7.3 KB · 222 lines Shell 3f · 117L
Markdown 1f · 105L
├─
▾
scripts
│ ├─
extract-frames.sh
Shell
│ ├─
generate-tts.sh
Shell
│ └─
merge-audio.sh
Shell
└─
SKILL.md
Markdown
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
edge-tts | * | pip | No | No version pinned; official Microsoft TTS library |
ffmpeg | * | system | No | Video processing standard tool |
Security Positives
✓ All functionality is declared in SKILL.md with no hidden behavior
✓ Uses legitimate, well-known tools (ffmpeg, edge-tts)
✓ No credential harvesting or sensitive file access
✓ No network exfiltration or C2 communication
✓ No obfuscation techniques (base64, eval) or suspicious patterns
✓ Appropriate shell usage for video/audio processing tasks
✓ edge-tts is Microsoft's official open-source TTS library