Skills
skills/t0ugh/videoclaw/video-i2v/Socket

video-i2v

Warn

Audited by Socket on May 12, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the stated purpose is coherent, but the skill's functionality relies almost entirely on installing and running an external, lightly verifiable CLI from PyPI via unpinned `uvx`. There is no explicit credential theft or malicious endpoint, so this is not confirmed malware, but install trust and opaque downstream data handling create medium security risk.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
May 12, 2026, 08:41 AM
Package URL
pkg:socket/skills-sh/T0UGH%2Fvideoclaw%2Fvideo-i2v%2F@0198a2fe3eaf673107f0d86de43caac213c39d33
Security Audit — socket — video-i2v