Back to skill

Security audit

博客转视频 Blog to Video

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it is advertised as blog-to-video while its actual instructions run a broader file/document-to-video workflow that can upload local files to a third-party service.

Review before installing. Use this only if you are comfortable with a dLazy-hosted file/document-to-video workflow, not just blog-to-video. Avoid attaching confidential documents unless you intend to upload them to dLazy, and prefer per-invocation API keys or rotate/revoke the saved key when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill metadata says this is for blog/article-to-video, but the body operationalizes a broader document/file-to-video workflow and hard-codes the `file-to-video` template. This mismatch can cause the agent or user to send unintended file types and content to a third-party SaaS, undermining informed consent and increasing the chance of accidental data exposure or misuse.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The user-facing title presents `blog-to-video`, but the surrounding content describes document/PPT/PDF conversion behavior instead. This contradiction is dangerous because users may rely on the declared purpose while the actual workflow encourages broader file handling and uploads, creating confusion about what data will be processed and where it will be sent.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The instructions explicitly state the skill is fixed to a `file-to-video` template, which conflicts with the manifest's blog/article-specific framing. In practice, this can route user requests into a different backend capability than advertised, causing overbroad processing of files and misleading users about the exact operation being performed.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill manifest advertises a blog/article-to-video capability, but the body of the skill pivots to a broader document/file-to-video workflow. This mismatch can cause the agent to invoke a different capability than the user intended, increasing the chance of over-broad file handling, unexpected data upload, or user consent issues because attached inputs may be treated as generic documents rather than blog content.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill is branded as blog-to-video, but its operative instructions direct the agent to run the `file-to-video` template. That inconsistency is security-relevant because the agent may execute a broader or different remote workflow than the user authorized, including uploading arbitrary local files to third-party storage under a more general processing pipeline.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.