短视频脚本创作

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local video-script generator, but one helper has under-scoped local save/show behavior and quiet history logging that users should review before installing.

Install only if you are comfortable with local bash/python helpers that keep a local history and saved drafts. Avoid sensitive topics or proprietary drafts unless local retention is acceptable, and avoid the save/show management commands with anything except simple filenames until path validation is fixed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill persists user-provided content to disk via save and records command usage to a history log without prominent disclosure or consent. In an agent environment, users may provide sensitive prompts, drafts, or proprietary content expecting ephemeral processing, so silent persistence increases privacy and data-retention risk, especially on shared systems or when data directories are synced/backed up.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal