Funai-skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent FunAI video-creation skill, but it gives agents live account-changing authority and includes an automatic external update path that users should review before installing.

Install only if you trust the publisher and the external FunAI setup/update endpoint. Require manual approval for any update, protect config/.env as an account credential, avoid AUTO_CONFIRM outside deliberate testing, and expect the skill to create or modify FunAI projects and potentially consume credits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Vague Triggers

Medium

Confidence: 75% confidence
Finding: The trigger description is broad enough to match general requests about AI video creation, platform interaction, or related keywords, which can cause the skill to activate outside the user's precise intent. In this skill, over-triggering is more dangerous because activation can lead to token handling, network calls, project creation, and other state-changing actions on an external service.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill tells the agent to obtain a user token and write it into a configuration file, but does not include strong guidance on secret minimization, secure storage, masking, or prohibitions on logging and echoing the token. Because this skill also uses shell scripts and local config files, the context increases the chance of credential leakage through command history, logs, filesystem exposure, or accidental model output.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The default prompt contains a generic first-person request to create an AI comic project, which is broad enough that normal user conversation could unintentionally trigger this skill. Overly broad invocation phrasing can cause the agent to enter tool-using behavior without clear user intent, increasing the chance of unwanted API actions, project creation, or disclosure of internal workflow behavior.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README explicitly instructs the agent to have the user obtain a platform token and then write it into `config/.env`, but it does not include clear handling restrictions such as least retention, masking, redaction from logs, or prohibitions on echoing/secreting the token back to chat. Because the same document also emphasizes shell `source config/.env`, mishandling could expose a live credential in terminal history, debug output, or repository state, making credential disclosure a realistic risk.

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$SCRIPT_DIR/../scripts/api-client.sh" AUTO_CONFIRM="${AUTO_CONFIRM:-}" NOVEL_CONTENT='清晨，城市公园的林荫道上还带着尚未散尽的薄雾，年轻人林舟沿着青石板路缓缓慢跑。阳光穿过高大的树冠，在路面上投下细碎而温暖的光影，周围的一切都显得安静而清新。
Confidence: 88% confidence
Finding: AUTO_CONFIRM

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$SCRIPT_DIR/../scripts/api-client.sh" AUTO_CONFIRM="${AUTO_CONFIRM:-}" NOVEL_CONTENT='清晨，城市公园的林荫道上还带着尚未散尽的薄雾，年轻人林舟沿着青石板路缓缓慢跑。阳光穿过高大的树冠，在路面上投下细碎而温暖的光影，周围的一切都显得安静而清新。
Confidence: 88% confidence
Finding: AUTO_CONFIRM

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: echo -e "${YELLOW}--- ${checkpoint_name}确认 ---${NC}" echo "$modify_hint" if [ "$AUTO_CONFIRM" = "YES" ]; then echo "AUTO_CONFIRM=YES，自动确认继续。" return 0 fi
Confidence: 92% confidence
Finding: AUTO_CONFIRM

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: echo "$modify_hint" if [ "$AUTO_CONFIRM" = "YES" ]; then echo "AUTO_CONFIRM=YES，自动确认继续。" return 0 fi
Confidence: 92% confidence
Finding: AUTO_CONFIRM

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: | "场景编号: \(.scene.scene_id // "未编号")\n场景名称: \(.scene.scene_name // "未命名场景")\n场景描述: \(.scene.scene_description // .content // "暂无描述")\n分镜图: \(.image // "暂无分镜图")\n当前资源类型: \(.displayType // "unknown")\n----------------------------------------" ' >&2 if [ "$AUTO_CONFIRM" = "YES" ]; then echo "AUTO_CONFIRM=YES，默认选择直接进入成片合成。" >&2 printf 'compose\n' return 0
Confidence: 90% confidence
Finding: AUTO_CONFIRM

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: ' >&2 if [ "$AUTO_CONFIRM" = "YES" ]; then echo "AUTO_CONFIRM=YES，默认选择直接进入成片合成。" >&2 printf 'compose\n' return 0 fi
Confidence: 90% confidence
Finding: AUTO_CONFIRM

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal