HappyHorse 视频创作助手 (HappyHorse Video Creation Assistant)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to generate videos as advertised, but it embeds and automatically uses a shared DashScope API key, creating account, billing, and abuse risks.

Review before installing. Use only a version that removes the embedded DashScope key, requires your own API key through a secure configuration path, and clearly explains that prompts and media URLs are sent to Alibaba DashScope. Do not submit confidential prompts, private media URLs, or proprietary assets unless external processing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 81%
Finding: The skill clearly performs outbound network operations to Alibaba DashScope but does not declare corresponding permissions. Undeclared capabilities reduce transparency and can bypass user or platform expectations about what the skill is allowed to do, especially when prompts, image URLs, and generated assets are transmitted externally.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The declared purpose focuses on video generation, but the documentation also shows local file storage and use of a built-in third-party API key. This mismatch hides important security-relevant behavior from users and reviewers, making the skill more dangerous because it handles credentials and persists data beyond what the description suggests.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The skill documentation exposes a hard-coded DashScope API key and instructs the skill to use it directly in Authorization headers. Embedded secrets can be abused by anyone with access to the skill, enabling unauthorized API usage, billing fraud, service abuse, and possible attribution of malicious activity to the key owner.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding: The file contains a hardcoded DashScope API key and uses it automatically for outbound requests. Embedded credentials can be extracted by anyone with code access and abused for unauthorized API usage or billing fraud, and they make key rotation difficult once the skill is distributed.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: The download function retrieves whatever URL is returned in the API result or otherwise supplied, then writes the response to disk without validating the destination host, scheme, content type, or size. This creates a generic remote file retrieval primitive that can be abused to fetch unexpected content, consume disk space, or access unintended network locations if a malicious or compromised service returns crafted URLs.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The skill sends user prompts and image URLs to a third-party provider but does not clearly warn users that their content leaves the local environment. This creates privacy and compliance risk, particularly if prompts or referenced images contain sensitive business, personal, or copyrighted material.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The skill asks for an Alibaba API key while also claiming one is preconfigured, but it provides no clear credential-handling safeguards. This encourages unsafe secret usage patterns and may lead users to paste sensitive keys into chat or rely on shared embedded credentials.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: A hardcoded API key is used for authenticated outbound requests with no warning or secure handling controls. This exposes a live secret in code and enables unauthorized third parties to impersonate the application and incur costs or access associated account resources.

VirusTotal

66/66 vendors flagged this skill as clean.