vss-generate-video-calibration
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the 'uv' package manager using
curl -LsSf https://astral.sh/uv/install.sh | sh. While this pattern involves executing a remote script, the source (astral.sh) is a well-known and reputable provider of Python tooling. This is found inreferences/sample-dataset.mdandreferences/deploy-auto-calibration-service.md. - [EXTERNAL_DOWNLOADS]: Fetches sample datasets and models from trusted and well-known sources, including NVIDIA's official GitHub repository (
github.com/NVIDIA-AI-IOT) and Hugging Face (huggingface.co), as part of the installation and verification process. - [COMMAND_EXECUTION]: Uses
docker compose,docker exec, anddocker pullto manage the lifecycle of the AutoMagicCalib microservice and UI containers. These operations are restricted to the local host and specified deployment profiles. - [DATA_EXFILTRATION]: In
references/rtsp.md, the skill performs internal network operations withssl_verify: false. This disables SSL certificate validation for requests to the local microservice API, which is a common practice for internal service-to-service communication but is noted as a security configuration detail. - [SAFE]: The skill processes user-provided inputs such as video files, RTSP URLs, and JSON settings files. It includes basic validation logic (e.g., file existence and count checks) and relies on the backend microservice for deeper data validation, which is typical for this type of integration.
Audit Metadata