vss-deploy-video-embedding
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill provides legitimate deployment and operational guidance for the VSS Video Embedding microservice.\n- [EXTERNAL_DOWNLOADS]: The skill pulls container images from nvcr.io and model weights from huggingface.co. These are verified, well-known sources for NVIDIA AI services.\n- [COMMAND_EXECUTION]: Shell commands provided for Docker Compose operations and API verification are necessary for the skill's documented purpose. Administrative tasks like directory ownership management use sudo -n to ensure non-interactive execution.\n- [CREDENTIALS_UNSAFE]: The skill correctly manages sensitive credentials such as NGC_API_KEY and HF_TOKEN using environment variables and placeholders rather than hardcoding values.\n- [DATA_EXFILTRATION]: Documentation includes a specific security warning and mitigation steps for the file:// URI scheme to prevent unauthorized local file access through the service API.
Audit Metadata