libtv-skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed LibTV media-generation integration that uses a LibTV access key, sends prompts or selected media to LibTV, and saves generated results locally.

Install this only if you intend to use LibTV for AI image or video work. Use a LibTV key you are comfortable granting to the skill, do not set OPENAPI_IM_BASE or IM_BASE_URL to an untrusted host, avoid uploading sensitive media unless you accept third-party processing, and choose an output directory if you need control over where generated files are saved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tainted flow: 'req' from os.environ.get (line 60, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
        headers=_headers(),
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        err_body = e.read().decode("utf-8") if e.fp else ""
Confidence
96% confidence
Finding
with urllib.request.urlopen(req, timeout=30) as resp:

Tainted flow: 'req' from os.environ.get (line 60, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
    url = f"{IM_BASE.rstrip('/')}{path}"
    req = urllib.request.Request(url, method="GET", headers=_headers())
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        err_body = e.read().decode("utf-8") if e.fp else ""
Confidence
96% confidence
Finding
with urllib.request.urlopen(req, timeout=30) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no explicit permissions, yet its metadata and documented workflows require environment access, Python execution, and outbound network operations to third-party services. This creates a transparency and governance gap: reviewers or policy engines may treat the skill as lower-privilege than it really is, increasing the chance of unintended secret use or network/file side effects.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger text is extremely broad and repeatedly says the skill must activate for essentially any image/video creation or editing request. Overbroad mandatory triggering can cause the agent to invoke a networked, file-capable skill in situations where the user did not clearly consent to external processing, uploads, or side effects, especially when a request is ambiguous or only tangentially related.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly documents downloading generated image/video results to local storage, but does not present this as a user-consent step with clear warning about filesystem changes. Automatic writes can consume disk space, create privacy exposure, and store potentially sensitive or unsafe content on the host without the user's explicit approval.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow mandates automatic download after generation as part of the standard path, again without an explicit warning about local filesystem side effects. In context, this is more dangerous because the skill also handles uploaded user media and generated outputs, so silent persistence to disk can unexpectedly retain sensitive assets and increase the blast radius of misuse.

VirusTotal

64/64 vendors flagged this skill as clean.
