Kling

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Kie.ai video-generation wrapper. The main consideration is that prompts are sent to a third-party API using your KIE_API_KEY.

Install only if you are comfortable using your Kie.ai account through KIE_API_KEY. Do not include secrets, private client data, or sensitive personal information in video prompts unless sending that content to Kie.ai is acceptable, and monitor account credit usage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill clearly sends user prompts to an external third-party video generation service (Kie.ai/Kling) and references use of a stored API key, but it does not disclose that user-provided content leaves the local environment. This creates a privacy and data-handling risk because operators may submit sensitive business or personal content without realizing it is transmitted to an outside vendor and may be logged, retained, or processed under that vendor's policies.

VirusTotal

65/65 vendors flagged this skill as clean.
