vss-search-archive
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curl,jq, anddockerto interact with the VSS REST API and manage containers. These operations are limited to the user-provided$HOST_IPand are essential for the skill's purpose of indexing and searching video content. The execution is guided by strict workflows that require manual verification of endpoints and source existence. - [EXTERNAL_DOWNLOADS]: Downloads video screenshots and metadata from the VSS backend (
screenshot_url) for result verification. These references are localized to the user-specified infrastructure and do not connect to unauthorized remote servers. It also provides instructions for downloading official sample data from the NVIDIA NGC registry. - [SAFE]: No malicious patterns such as hardcoded credentials, code obfuscation, or persistence mechanisms were identified. The skill correctly identifies sensitive inputs (API keys) and expects them to be provided via environment variables rather than being stored within the skill files. The author correctly identifies as NVIDIA's VSS team and the functionality aligns with the provided description.
Audit Metadata