keevx-image-to-video

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Keevx image-to-video helper; it sends selected images and prompts to Keevx as expected, so users should treat that content as shared with a third party.

Install only if you are comfortable giving the agent a Keevx API key and sending selected images, image URLs, prompts, and optional callback results to Keevx. Avoid confidential, regulated, or internal-only media unless Keevx's terms and retention are acceptable; use a dedicated revocable API key, monitor usage costs, and use callback_url only with trusted HTTPS endpoints you control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (5)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs users to upload local files and submit image URLs to a third-party service but does not clearly warn that user-provided content will leave the local environment and be transmitted to Keevx-controlled infrastructure. This creates a privacy and data-handling risk because users may unknowingly send sensitive local images or internal URLs to an external API.

External Transmission

Medium

Category: Data Exfiltration
Content: ### Upload Local File ```bash curl --location 'https://api.keevx.com/v1/figure-resource/upload/file' \ --header 'Authorization: Bearer $KEEVX_API_KEY' \ --header 'source: skill' \ --form 'file=@"/path/to/local/image.png"'
Confidence: 92% confidence
Finding: curl --location 'https://api.keevx.com/v1/figure-resource/upload/file' \ --header 'Authorization: Bearer $KEEVX_API_KEY' \ --header 'source: skill' \ --form 'file=@"/path/to/local/image.png"' ``

External Transmission

Medium

Category: Data Exfiltration
Content: ### Upload Local File ```bash curl --location 'https://api.keevx.com/v1/figure-resource/upload/file' \ --header 'Authorization: Bearer $KEEVX_API_KEY' \ --header 'source: skill' \ --form 'file=@"/path/to/local/image.png"'
Confidence: 92% confidence
Finding: https://api.keevx.com/

External Transmission

Medium

Category: Data Exfiltration
Content: ### Single Image Generation (Model V) ```bash curl -X POST "https://api.keevx.com/v1/image_to_video" \ -H "Authorization: Bearer $KEEVX_API_KEY" \ -H "source: skill" \ -H "Content-Type: application/json" \
Confidence: 86% confidence
Finding: https://api.keevx.com/

External Transmission

Medium

Category: Data Exfiltration
Content: ### Multi-Reference Image Generation (Model KL) ```bash curl -X POST "https://api.keevx.com/v1/image_to_video" \ -H "Authorization: Bearer $KEEVX_API_KEY" \ -H "source: skill" \ -H "Content-Type: application/json" \
Confidence: 86% confidence
Finding: https://api.keevx.com/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal