Back to skill

Security audit

muapi-media-generation

Security checks across malware telemetry and agentic risk

Overview

This media-generation skill mostly matches its stated purpose, but it needs review because it stores and loads API credentials unsafely and sends user-selected files/content to a third-party service with limited disclosure.

Install only if you are comfortable sending prompts and selected media files to muapi.ai. Prefer setting MUAPI_KEY in your environment instead of using --add-key, avoid running these scripts in directories with untrusted .env files, and do not upload confidential, regulated, or secret files unless the provider terms allow it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises multiple shell scripts and operational capabilities but does not declare corresponding permissions, which reduces transparency about what the skill can execute. In a terminal-integrated skill, undeclared shell access can mislead users and reviewers about the trust boundary and increase the chance of unexpected command execution or networked actions.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script includes `--add-key` behavior that stores the API key in a local `.env` file, which is ancillary credential-management functionality beyond image/video generation. Persisting secrets to disk without permissions hardening or user warning increases the risk of credential exposure through other local users, backups, logs, or accidental commits.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill includes an `upload.sh` capability for sending local files to a CDN, but the description and quick-start text do not clearly warn users that local content leaves the machine and is transmitted to a third-party service. This can lead to accidental disclosure of sensitive files, especially because uploading is presented as a normal workflow step alongside media generation commands.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The requirements instruct users to set `MUAPI_KEY`, implying authenticated communication with a third-party API, but do not clearly disclose that prompts, media inputs, and related metadata may be sent off-device. While this is common for SaaS-backed skills, the missing notice weakens informed consent and could cause users to submit sensitive content without understanding the external transmission.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API key is written directly into `.env` with no warning that this stores a secret in plaintext on disk. Users may unknowingly leave credentials exposed to local compromise or accidentally commit the file to a repository.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.