Images & videos generation with Gemini 3 Pro Image + Qwen Wan 2.6 (video) via one API key

Security checks across malware telemetry and agentic risk

Overview

This is a coherent media-generation skill that sends user prompts to AIsa and saves generated images or videos locally as described.

Install only if you are comfortable sending prompts, reference image URLs, and bearer-authenticated requests to AIsa. Use a revocable API key where possible, avoid confidential prompts or private image URLs, and choose output paths carefully because generated media downloads can overwrite files and may be large.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tainted flow: 'req' from os.environ.get (line 65, credential/environment) → urllib.request.urlopen (network output)

Critical
Category: Data Flow
Content:
    os.makedirs(os.path.dirname(out_path) or ".", exist_ok=True)
    req = urllib.request.Request(url, headers={"User-Agent": "OpenClaw-Media-Gen/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:
            total = 0
            while True:
                chunk = resp.read(1024 * 1024)  # 1MB
Confidence: 85%
Finding:
with urllib.request.urlopen(req, timeout=timeout_s) as resp, open(out_path, "wb") as f:

VirusTotal

66/66 vendors flagged this skill as clean.
