jianying-editor
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
README.mdfile promotes an unsafe installation pattern by instructing users to run a PowerShell command (irm is.gd/rpb65M | iex) that downloads and executes code from a link shortener, posing a major risk of arbitrary code execution. - [DATA_EXFILTRATION]: The skill performs sensitive local data access to support its synchronization and voice generation features:
scripts/sync_jy_assets.pyscrapes the user's%LOCALAPPDATA%directory to find and read JianYing's internal SQLite databases (rp.db) to synchronize asset metadata.scripts/universal_tts.pyharvests authentication-related parameters such asdevice_idandiidby searching through the application's local log files in the user profile.- [COMMAND_EXECUTION]: Several components execute arbitrary system commands via the
subprocessmodule: scripts/utils/media_normalizer.pyandtools/recording/recorder.pyinvokeffmpegfor video conversion and screen recording operations.scripts/api_validator.pyandscripts/sync_jy_assets.pyexecuteffprobeto determine media attributes and durations.examples/robust_auto_export.pyprogrammatically identifies and launches the JianYing application executable using paths found in the Windows Registry.- [EXTERNAL_DOWNLOADS]: The skill handles external data and software downloads with insufficient security controls:
scripts/cloud_manager.pydownloads media assets from remote URLs discovered in logs or databases. While it implements protection for private IP addresses, the download sources themselves are unverified.README.mdprovides an external download link for a specific version of the JianYing application executable via a third-party file-sharing service (pan.quark.cn).scripts/universal_tts.pyincludes logic to explicitly disable TLS certificate verification (ssl.CERT_NONE) during network operations if an environment variable is set, increasing susceptibility to man-in-the-middle attacks.
Recommendations
- AI detected serious security threats
Audit Metadata