Cn Video Gen

Security checks across malware telemetry and agentic risk

Overview

The skill’s video-generation purpose is mostly coherent, but it includes under-scoped third-party media uploads and an embedded default upload token that users should review before installing.

Review this skill before installing. Use it only with media you are comfortable sending to the configured video provider, the public image-hosting service, and Feishu. Remove or rotate the embedded upload token, require your own explicitly configured credentials, and add a clear confirmation step before uploading or sharing files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill documentation directs use of environment secrets and external network calls, but no explicit permissions are declared. This creates a transparency and governance gap: users and platforms cannot easily assess that the skill will access API keys and communicate with third-party services before activation. In a skill that uploads media and contacts external APIs, undeclared capabilities materially increase operational and privacy risk.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding
The skill claims to support AI video generation, but the documented behavior also includes uploading local images to a public image-hosting service, downloading generated videos locally, and sending files to Feishu, which are materially different data-handling actions. That mismatch can cause users to expose private local media or persist sensitive outputs without informed consent. The claimed Kling support also appears incomplete, which undermines trust and can hide actual execution paths from reviewers.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
This skill is presented as a Wan/Kling video-generation capability, but it includes code to upload images to an unrelated third-party public image-hosting service. That hidden or weakly justified data transfer increases privacy and supply-chain risk because user media may be exposed to an external provider outside the declared scope of the skill.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The file pulls image-hosting credentials and uses them with an external service that is not part of the declared Wan/Kling video providers. In the context of an agent skill, undeclared third-party credential use is dangerous because it enables silent outbound data transfer and makes operator review harder.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The implementation materially differs from the stated purpose: instead of generating video, it uploads images and returns a public URL. In a skill ecosystem, this mismatch is security-relevant because users and reviewers may authorize a video tool without realizing it republishes content to a public hosting service.

Missing User Warnings

High
Confidence: 98%
Finding
The skill instructs uploading a local image to a public image-hosting service to obtain a URL, but it does not warn that this is a data exfiltration step to a third party. If users provide sensitive, personal, or internal images, they may be exposed outside the trusted environment, potentially using shared or embedded credentials. In the context of a media-generation skill, image upload is expected, but using a public image bed without explicit consent and privacy guidance makes it significantly more dangerous.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documented workflow downloads generated videos to local storage and then sends them to Feishu, but it omits warnings about local persistence and external transmission. This can leave sensitive media on disk and share it to another platform without clear user understanding of retention, access control, or cleanup. The skill context makes file handling normal, but the lack of disclosure and safeguards still creates real data-handling risk.

Missing User Warnings

High
Confidence: 99%
Finding
A hardcoded default API token is embedded directly in the script, allowing anyone with code access to reuse the credential and perform uploads through the associated account. This creates credential leakage, unauthorized service use, billing or quota abuse, and makes outbound publication possible even when operators did not intentionally provision credentials.

VirusTotal

66/66 vendors flagged this skill as clean.
