skills/aliyun/alibabacloud-aiops-skills/alibabacloud-maxframe-video-frame-pipeline/Gen Agent Trust Hub
alibabacloud-maxframe-video-frame-pipeline
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runinscripts/frame_extraction_minimal.pyandreferences/frame_extraction.mdto executeffmpegandffprobefor video processing. This is a standard and expected part of the skill's functionality. The implementation follows best practices by using a list of arguments (avoiding shell interpolation) and includes validation to ensure input paths start with the authorized OSS root prefix. - [CREDENTIALS_UNSAFE]: The skill handles sensitive credentials including
ODPS_ACCESS_ID,ODPS_ACCESS_KEY,OSS_ACCESS_KEY_ID, andOSS_ACCESS_KEY_SECRET. The instructions and provided scripts correctly manage these by reading from environment variables viaos.environor.envfiles rather than hardcoding them. The requirement to pass OSS credentials in thestorage_optionsparameter for AI FUNC calls is explicitly documented as a technical requirement for the inference service to access data. - [DATA_EXFILTRATION]: While the skill performs network operations to Alibaba Cloud services (OSS, ODPS, and AI FUNC catalog endpoints), these are consistent with the skill's stated purpose and use official SDKs and authenticated endpoints. No unauthorized data exfiltration patterns were detected.
Audit Metadata