music video mv 制作

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only music-video generation skill that sends a user-selected audio file to ohyesai.com, which is expected for its purpose but worth understanding before use.

Install only if you are comfortable sending the selected audio file and your OHEYSAI_API_KEY to ohyesai.com. Use audio you own or are licensed to process, avoid sensitive voice recordings unless you accept the provider handling them, and consider rotating the API key if it may appear in logs because the documented API examples place it in URL query parameters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to upload a user-provided audio file to a third-party service but does not explicitly warn the user that their media will be transmitted off-platform. Audio files can contain personal, copyrighted, or otherwise sensitive content, so silent external transfer creates a real privacy and consent risk even if the upload is necessary for the feature.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal