byted-vod-process-tools
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to perform legitimate audio and video processing tasks such as stitching, clipping, and AI-based enhancement using official Bytedance/Volcengine VOD APIs. All network communication is directed to trusted vendor domains (volcengineapi.com and volcvod.com).
- [DATA_EXPOSURE]: The skill implements a directory whitelist for local file uploads in
scripts/upload_media.py. It restricts access toworkspace/,userdata/, and/tmpdirectories, effectively preventing unauthorized access to sensitive system files. - [CREDENTIALS_SAFE]: Authentication secrets (AccessKey/SecretKey) are managed through environment variables and are correctly identified as secrets in the SKILL.md frontmatter. No hardcoded credentials were found in the source code.
- [COMMAND_EXECUTION]: While the skill uses shell commands to invoke its internal processing scripts, it uses structured JSON for parameter passing and includes input validation (e.g., checking video durations and file extensions) to ensure safe execution.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any dynamic code execution from untrusted sources. Its operations are limited to submitting tasks to a secure cloud-based media processing platform.
Audit Metadata