
Security audit

VidAU Video Generator

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Vidau video-generation purpose, but it needs review because it can modify the host setup and keeps detailed API logs locally.

Install only if you are comfortable granting the skill access to your Vidau API key, allowing it to upload selected local media to Vidau, and accepting local cache files. Review or remove the automatic Python installation instructions before use, and disable, redirect, or periodically delete ~/vidau_api.log because it may contain prompts, account responses, task identifiers, and generated media links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (5)

Tainted flow: 'LOG_PATH' from os.environ.get (line 15, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
error: Optional[str] = None,
) -> None:
    try:
        with open(LOG_PATH, "a", encoding="utf-8") as f:
            f.write("\n" + "=" * 60 + "\n")
            f.write(f"[{datetime.now().isoformat()}] API request\n")
            f.write("-" * 40 + "\n")
Confidence
88% confidence
Finding
with open(LOG_PATH, "a", encoding="utf-8") as f:

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no explicit permissions even though its documented behavior requires environment access, reading local files, writing cache files, and making network requests. This mismatch weakens platform governance and user transparency, because the runtime may grant broader capabilities than the manifest communicates or security reviewers may underestimate the skill's access.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
This client logs full request parameters and response bodies to a persistent local file even though the skill's purpose is only API interaction for video generation or credit queries. Those payloads may contain prompts, account details, job identifiers, URLs, or other sensitive content, creating unnecessary data retention and leakage risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code persistently records request parameters and up to 2000 characters of response bodies without any user-facing disclosure or consent flow. Because this skill handles external API traffic, the logs may capture sensitive prompts, media URLs, error details, or account information, increasing privacy and local compromise risk.

Chaining Abuse

High
Category
Tool Misuse
Content
1. Run `python3 --version` or `python --version`. If either succeeds, use that command when invoking the scripts below.
2. If both fail, try to install Python for the current platform:
   - **macOS**: `brew install python3` (requires Homebrew).
   - **Linux (Debian/Ubuntu)**: `sudo apt-get update && sudo apt-get install -y python3`.
   - **Windows**: `winget install Python.Python.3.12` if available; otherwise tell the user to download and run the installer from [python.org](https://www.python.org/downloads/).
3. If install fails (e.g. no permission or unsupported OS), reply with a short message that Python 3 is required and link to [python.org/downloads](https://www.python.org/downloads/), then stop. Do not run the Vidau scripts until Python is available.
Confidence
97% confidence
Finding
&& sudo

VirusTotal

66/66 vendors flagged this skill as clean.
