Short Video Script Creator

Security checks across malware telemetry and agentic risk

Overview

This script-writing skill does what its stated purpose implies, but it uses a hard-coded API key, can send user document contents to an undisclosed external AI service, and stores full prompts locally.

Review carefully before installing. Use this only with documents you are allowed to send to the configured external AI service, remove and rotate the embedded API key, and prefer a version that names the provider, asks before network transmission, uses user-supplied credentials, and lets you choose or clear the output directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation indicates the ability to read user-supplied files, write outputs locally, and optionally call an external model, yet no explicit permission model or disclosure is declared. This is dangerous because users may provide sensitive business documents under the assumption of local-only processing, while the skill has broader data-handling capabilities than are transparently communicated.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
This is a genuine security and privacy issue because the skill's stated purpose is content generation, but the analyzed behavior includes sending all user-provided material to a third-party API, using a hardcoded API key, and writing prompts/results to a fixed local directory. That combination can expose confidential documents, create credential leakage risk, and leave sensitive artifacts on disk without clear user awareness or control.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill writes the fully assembled prompt and, optionally, the generated output to a fixed local directory under the user's profile. Because the prompt is built from user-supplied files such as meeting notes, product documents, competitor scripts, and historical materials, this creates undisclosed local persistence of potentially sensitive business data beyond what a user may expect from a script-generation tool.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code transmits assembled prompts and file-derived content to an external API endpoint, but the skill description does not disclose this network behavior. Since the uploaded materials can include sensitive internal documents, this is a data-exposure risk, especially because users may reasonably assume a local document-processing skill from the manifest.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
A hard-coded bearer token is embedded directly in source code. This exposes the credential to anyone with code access, enables unauthorized use of the external service, and prevents safe rotation and environment separation.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The file content is entirely in Chinese and assumes Chinese output without any visible mechanism for honoring a user's language preference. This can cause unsafe or misleading behavior in multilingual environments by overriding user intent, reducing accessibility, and increasing the chance of misunderstanding downstream instructions or outputs.

Missing User Warnings

High
Confidence
99% confidence
Finding
The embedded API key is a sensitive secret present in plaintext with no user disclosure and no protection mechanism. If the repository, package, logs, or screenshots are shared, the credential can be abused to access or bill against the associated account.

Missing User Warnings

High
Confidence
96% confidence
Finding
The code sends prompt content and data extracted from local files to an external model endpoint without a clear warning or consent step. In this skill's context, those files may contain proprietary product details, meeting notes, and historical copy, so undisclosed transmission materially increases confidentiality and compliance risk.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
