扫描报告
5 /100
video-narration
Generate narration for silent screen-recording videos using Microsoft Edge neural TTS
Legitimate video narration skill that extracts frames, generates TTS via Microsoft Edge API, and merges audio—all declared and appropriate for the stated purpose.
可以安装
No security action required. This is a safe, documented video processing tool.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned edge-tts dependency 供应链 | SKILL.md:85 |
| 提示 | Missing allowed-tools section 文档欺骗 | SKILL.md:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | extract-frames.sh creates output directories and writes frame images |
| 命令执行 | READ | READ | ✓ 一致 | Scripts invoke ffmpeg and python3 for video/audio processing |
| 网络访问 | READ | READ | ✓ 一致 | edge-tts calls Microsoft Edge TTS API (edge-tts.azurewebsites.net) |
| 环境变量 | NONE | NONE | — | No environment variable access observed |
目录结构
4 文件 · 7.3 KB · 222 行 Shell 3f · 117L
Markdown 1f · 105L
├─
▾
scripts
│ ├─
extract-frames.sh
Shell
│ ├─
generate-tts.sh
Shell
│ └─
merge-audio.sh
Shell
└─
SKILL.md
Markdown
依赖分析 2 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
edge-tts | * | pip | 否 | No version pinned; official Microsoft TTS library |
ffmpeg | * | system | 否 | Video processing standard tool |
安全亮点
✓ All functionality is declared in SKILL.md with no hidden behavior
✓ Uses legitimate, well-known tools (ffmpeg, edge-tts)
✓ No credential harvesting or sensitive file access
✓ No network exfiltration or C2 communication
✓ No obfuscation techniques (base64, eval) or suspicious patterns
✓ Appropriate shell usage for video/audio processing tasks
✓ edge-tts is Microsoft's official open-source TTS library