Back to skill

Security audit

Video Monetization Pro

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches a video-creation and monetization workflow, but it exposes real-looking service credentials and gives broad account-publishing and revenue-reporting instructions without clear user-control boundaries.

Install only after removing and rotating the exposed credentials, replacing them with your own scoped secrets, and reviewing every external action. Treat publishing, OAuth/logged-session use, revenue monitoring, Feishu delivery, and persistent report storage as account-impacting features that should require explicit per-platform confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (23)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The README includes what appear to be live third-party credentials and a verification endpoint token directly in installation instructions. Publishing secrets in documentation enables unauthorized use of external services, account takeover/abuse, and billing or reputation damage, and the sms verification URL is especially suspicious because it is unrelated to a normal end-user setup flow for a monetization skill.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documentation includes hardcoded secrets and sensitive data: a real-looking phone number, an SMS verification API URL containing a token, and cloud access keys. Exposing credentials in plaintext can enable unauthorized use of paid services, account abuse, interception of verification flows, and downstream compromise if the same secrets are reused elsewhere.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file contains what appears to be a real third-party phone number, a direct SMS verification retrieval URL, and an access token. This is highly sensitive operational data unrelated to the stated purpose of generating Suno prompts, and it could enable unauthorized access to an external account or expose someone else's verification workflow.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script prints a real-looking phone number and an SMS verification API URL containing a bearer-style token directly in user-facing output. This is sensitive credential material unrelated to prompt generation, and anyone with access to the script or its output could reuse the token to access SMS verification records, hijack account access, or abuse a third-party service.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The script is presented as a legal/compliance review tool, but it also performs an in-place edit of the reviewed file via `sed -i.bak`. That creates an integrity risk: a user expecting read-only auditing may have content silently altered, which is especially problematic in an automated publishing pipeline where the modified file may later be treated as approved source material.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The comments/documentation say the script's purpose is legal compliance review, but the implementation also edits the target file. This mismatch is security-relevant because operators and downstream automation may trust the script as a passive checker, leading to unexpected data modification and possible propagation of altered content through the monetization workflow.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script hardcodes specific personal account identifiers, including email addresses, into output intended for operational use. This unnecessarily discloses personal information to anyone with access to the skill or generated logs, and in a publishing automation context it can aid targeted phishing, account enumeration, or unauthorized use of those identities.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation instructs users to place plaintext tokens and secret keys in shell startup files and provides concrete secret values, with no warning about sensitivity or least-privilege handling. This increases the chance of credential leakage through screenshots, shell history, backups, dotfile sync, or accidental publication, and it normalizes insecure secret management.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Advertising one-click multi-platform publishing and browser automation without a clear warning or confirmation model creates account-impact risk, especially for social/video platforms where uploads, edits, or automation can trigger policy violations or unintended posts. In the context of a monetization tool, these actions are higher risk because they directly affect user accounts, public content, and revenue channels.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger phrase '创作一个 MV' is broad and likely to occur in normal conversation, increasing the risk of accidental invocation of a workflow that may perform costly generation or publish-related steps. Because this skill chains multiple automated actions, unintended activation is more dangerous than for a read-only helper.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Very broad triggers like '创作一个 MV' or '今日热点 MV' can activate a workflow that includes external searches, content generation, platform publishing, and monitoring. When high-impact actions are attached to common phrases, users may trigger costly or account-affecting operations without informed consent or sufficient confirmation.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Ambiguous revenue-reporting triggers may cause the skill to access account analytics or initiate monitoring logic in response to routine conversational requests. Because the skill handles financial and performance data, accidental activation increases privacy and operational risk.

Missing User Warnings

High
Confidence
95% confidence
Finding
The workflow promises automatic multi-platform publishing and scheduled monitoring, but it does not prominently warn users that this can post content to external accounts, consume quotas, and transmit/retain account-linked data. In a skill that touches monetized creator accounts, missing consent boundaries and action disclosures materially increase the chance of unintended publication or privacy harm.

Missing User Warnings

High
Confidence
99% confidence
Finding
The examples expose operational secrets in plaintext and normalize insecure secret handling. This is dangerous because users may copy the pattern, commit real credentials to version control, or directly abuse the already-exposed values to access external services.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Automatically pushing revenue reports to Feishu sends account analytics and earnings information to an external messaging system, yet the skill provides no privacy warning or data-handling notice. Financial performance data is sensitive business information, and silent external transmission can expose it to unintended recipients or retention outside the user’s expectations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script promotes one-click publishing to multiple external platforms but gives no indication that authenticated account actions, metadata submission, and content uploads will occur on the user's behalf. This can mislead users about the scope of automation and create consent, account-safety, and unintended data-transfer risks, especially when posting to third-party services like B站、抖音、YouTube、视频号.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The script advertises automatic revenue monitoring across multiple platforms without warning that the system must access potentially sensitive earnings and account analytics data. While lower impact than publishing, this still creates privacy and transparency concerns because users may not understand what financial/account data is collected, stored, or aggregated.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The checklist explicitly instructs an operator to log into ClawHub using a GitHub account, but provides no warning about credential handling, session security, or the privacy implications of recording or demonstrating authenticated access. In a demo-recording context, this creates a realistic risk of exposing account identity, cookies/session state, or sensitive workspace data on screen, especially because the workflow is designed for capture and publication.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The checklist calls for backend screenshots from Bilibili and example revenue reports, but does not warn about exposing sensitive business or financial information in recorded material. Because this skill is explicitly aimed at monetization and publishing marketing content, these artifacts could leak private earnings, account metrics, or other commercially sensitive data if shown directly.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script discloses account-identifying information and a live verification-token URL without masking, access control, or warning. Because this is printed as normal usage guidance, it increases the chance of accidental leakage through logs, screenshots, repositories, CI output, or terminal history, enabling unauthorized access and credential abuse.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script modifies the supplied input file in place without prior warning or confirmation. In an end-to-end automation skill, this can overwrite creator content unexpectedly, interfere with version-controlled assets, and enable accidental publication of mutated files under the guise of compliance checking.

Ssd 3

Medium
Confidence
93% confidence
Finding
The skill describes collecting account-level earnings and performance data and pushing it to an external messaging channel on a schedule. This creates a data exposure pathway for sensitive monetization metrics and may violate least-privilege and data-minimization principles if enabled broadly or without clear authorization controls.

Ssd 3

Medium
Confidence
91% confidence
Finding
Persistent monitoring and scheduled reporting across multiple monetization platforms are described without clear consent boundaries, scope limitations, or account segregation. In creator-account contexts, continuous aggregation of analytics and earnings can expose sensitive business data and create unintended surveillance or cross-account leakage risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.