MyReels API

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MyReels API helper that uses a MyReels token for expected generation and task-management actions.

Before installing, verify that you trust the MyReels source, use a dedicated revocable access token, keep ~/.myreels/config private with restrictive permissions, confirm MYREELS_BASE_URL points to the official or trusted API endpoint, and review model cost before submitting generation tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The invocation text is broad enough that the skill may trigger on casual mentions of MyReels-related topics, causing unnecessary use of shell scripts and networked API actions in contexts where the user did not explicitly ask for that integration. Over-broad routing increases the chance of unintended external calls and handling of authenticated data.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The documentation instructs users to store an access token in a local config file and notes that scripts load it automatically, but it does not include strong warnings about token sensitivity, file permissions, redaction, or avoiding accidental disclosure in logs/output. This can lead to credential exposure through weak local storage practices or agent-mediated output handling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal