byted-mediakit-shared
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
@volcengine/mediakit-clipackage via the NPM registry. This package is an official tool provided by the vendor for media processing tasks. - [COMMAND_EXECUTION]: The skill utilizes shell permissions to execute
mediakit-clicommands. These commands are used for initializing the environment, managing configurations, and performing media processing tasks such as video editing. - [CREDENTIALS_UNSAFE]: The skill describes the use of
MEDIAKIT_API_KEYand a configuration file located at~/.mediakit/config.jsonfor API authentication. These are standard practices for CLI tools, and no actual secrets or keys are hardcoded within the skill files. - [DATA_EXFILTRATION]: The skill documents how media resources (URLs or local paths) are handled. Local files are uploaded to the vendor's cloud infrastructure (
mediakit://storage) only when explicitly using cloud-based processing tools, which is consistent with the tool's intended purpose.
Audit Metadata