Back to skill

Security audit

Freebeat Music Video Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Freebeat workflow guide, with the main risk that uploaded audio, images, or URLs are sent to the Freebeat service.

Install only if you are comfortable sending the audio, images, or URLs you provide to Freebeat or its underlying MCP service. Avoid private, sensitive, copyrighted, or confidential media unless you understand the service's retention, sharing, account, and billing terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs use of `upload_audio` for local files or URL imports but does not warn users that their media will be transferred to an external service. This can lead to unintended disclosure of sensitive or copyrighted content, especially because the workflow encourages seamless upload as a normal step without any privacy or consent notice.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.