Jiuma AI Free Image-to-Video

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends chosen images and prompts to Jiuma to generate video, with an optional disclosed login flow that stores a Jiuma API key locally.

Install only if you are comfortable sending the specific images and prompts you choose to Jiuma for processing. Use the login flow only if you accept that a reusable Jiuma API key will be saved locally in plaintext under the workspace; avoid this on shared or untrusted machines and delete or rotate the key when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation instructs use of scripts that read local image files, persist API credentials locally, and make outbound network requests, yet the skill declares no permissions. This creates a transparency and governance gap: users and host platforms cannot accurately assess or constrain the skill's actual capabilities, increasing the risk of unintended file access, secret storage, or network exfiltration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The stated purpose is image-to-video generation, but the skill also initiates an account login flow, retrieves login tokens, and saves an API key to local storage for future use. That is a materially broader behavior involving authentication and secret handling; if users are not clearly warned and consent is not explicit, the skill can collect or persist sensitive credentials beyond the expected scope.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
This file implements a login flow that obtains a login QR code, checks authentication status, and retrieves a secret key, which goes beyond the manifest’s stated image-to-video generation purpose. In a skill context, adding account-authentication and credential acquisition expands the trust boundary and can enable collection or misuse of user credentials/API access without clear necessity or disclosure.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code persists a returned secret_key via save_jiuma_api_key() after polling login status, creating local credential storage capability not obviously justified by the skill’s advertised purpose. Persisting an API key increases the blast radius of compromise, especially if users are not told what is being stored, where it is stored, or how it will be reused.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill persists the Jiuma API key in a predictable local file under the project tree without any protection, encryption, or access controls. Storing long-lived credentials on disk increases the risk of credential disclosure through local file access, backups, logs, packaging, or other skills/processes running in the same environment, and this persistence is not necessary for basic image-to-video functionality.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation states that the API key is automatically saved in plaintext under the local workspace for reuse by other skills, but it does not prominently warn users before use or require explicit consent. In an agent/skill environment where multiple tools may share the same workspace, plaintext credential persistence increases the risk of unintended disclosure, lateral access by other skills, or theft from the local filesystem.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill submits user-provided prompts and image content to a third-party API, but the code and CLI UX do not present an explicit warning or consent step about remote data transmission. This is dangerous because users may unintentionally upload sensitive local files or private image content off-device to an external service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill saves the returned secret_key without any user-facing warning, consent, or confirmation. Silent credential persistence is dangerous because users may not realize the tool has obtained durable access to their account, which can enable continued API usage or abuse beyond the immediate requested action.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code writes the user's API key to disk silently, with no user-facing disclosure or consent. Even if the key is needed for authentication, undisclosed persistence changes the trust boundary and can expose a sensitive credential to anyone with filesystem access or to later unintended reuse.

External Transmission

Medium
Category
Data Exfiltration
Content
from pathlib import Path
from utils import get_jiuma_api_key, jiuma_request, output_result

SUBMIT_API = "https://api.jiuma.com/api/imageVideo/add"
CHECK_STATUS_API = "https://api.jiuma.com/api/imageVideo/status"

MIME_MAP = {
Confidence
92% confidence
Finding
https://api.jiuma.com/

VirusTotal

66/66 vendors flagged this skill as clean.
