Back to skill

Security audit

Video Producer

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill is mostly aligned with its purpose, but it embeds shared MiniMax API keys and runs user-derived text through shell commands, which warrants review before use.

Review before installing. Use only in an isolated workspace, remove and rotate the embedded MiniMax keys, require your own credentials through environment variables, and replace shell-string execSync calls with argument-based execution before processing untrusted or sensitive text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The finding indicates the implemented skill does more than advertised: it hardcodes and uses MiniMax image/TTS API keys and includes self-modifying or patching behavior that rewrites source functions. Hardcoded credentials can be stolen and abused, while source-rewrite capability increases supply-chain and integrity risk because the skill can alter its own execution path outside the user's expectations.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script contains a live-looking hardcoded API key fallback and uses it to authenticate outbound requests. Hardcoded secrets are easily leaked via source control, logs, package distribution, or downstream reuse, enabling unauthorized use of the external service, billing abuse, and loss of control over the account.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script contains hardcoded third-party API credentials as fallback values, which exposes live secrets to anyone who can read the source, logs, package, or repository history. In an agent skill that automatically invokes external services, this can lead to unauthorized API use, billing abuse, and compromise of any data sent through those accounts.

Missing User Warnings

High
Confidence
99% confidence
Finding
Using hardcoded API keys as silent fallbacks means the skill will still transmit data and consume paid external services even when the operator has not explicitly configured credentials. This hides important trust and cost boundaries from the user and makes abuse easier because leaked built-in credentials are immediately usable.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill sends user-provided prompts and scene text to external image-generation and TTS services, but there is no explicit notice, consent flow, or data-minimization control. In this context, the tool processes arbitrary user content that may include proprietary, personal, or sensitive material, so undisclosed transmission increases privacy and compliance risk.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/produce.js:99