Security audit
Poyo Kling Avatar 2 0
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward helper for submitting Kling Avatar 2.0 video-generation jobs to PoYo using a user-provided API key.
Before installing, understand that this skill can help an agent submit avatar image URLs, audio URLs, prompts, and optional callback URLs to PoYo when you ask it to run a job. Keep POYO_API_KEY secret, use server-side environments, avoid private likenesses or confidential audio unless you trust PoYo and the callback receiver, and check provider costs and terms before live submissions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.