vss-generate-video-calibration

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the 'uv' package manager using curl -LsSf https://astral.sh/uv/install.sh | sh. While this pattern involves executing a remote script, the source (astral.sh) is a well-known and reputable provider of Python tooling. This is found in references/sample-dataset.md and references/deploy-auto-calibration-service.md.
  • [EXTERNAL_DOWNLOADS]: Fetches sample datasets and models from trusted and well-known sources, including NVIDIA's official GitHub repository (github.com/NVIDIA-AI-IOT) and Hugging Face (huggingface.co), as part of the installation and verification process.
  • [COMMAND_EXECUTION]: Uses docker compose, docker exec, and docker pull to manage the lifecycle of the AutoMagicCalib microservice and UI containers. These operations are restricted to the local host and specified deployment profiles.
  • [DATA_EXFILTRATION]: In references/rtsp.md, the skill performs internal network operations with ssl_verify: false. This disables SSL certificate validation for requests to the local microservice API, which is a common practice for internal service-to-service communication but is noted as a security configuration detail.
  • [SAFE]: The skill processes user-provided inputs such as video files, RTSP URLs, and JSON settings files. It includes basic validation logic (e.g., file existence and count checks) and relies on the backend microservice for deeper data validation, which is typical for this type of integration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:36 PM
Security Audit — agent-trust-hub — vss-generate-video-calibration