Dlazy Sync Lipsync 3
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed wrapper around the dLazy lip-sync API, with expected credential use and media upload behavior for its stated purpose.
Before installing, review the @dlazy/cli package/source if you are sensitive to supply-chain changes because the install path uses @latest. Only pass media files you intend to upload to dLazy, and prefer per-invocation DLAZY_API_KEY if you do not want an API key saved in ~/.dlazy/config.json.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.