Short Video Agent Kit
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent dry-run-first guide for a video-generation MCP tool, with disclosed credential and paid-provider risks but no hidden or destructive behavior found.
Before installing, verify the npm package and GitHub repository, consider pinning a known package version, start with doctor/manifest/privacy-audit/connection-status/dry-run flows, and only enable live mode with provider credentials you intend to use and can revoke.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
No VirusTotal findings