Security audit

AI Video Asset Manager

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent AI video asset organizer, but its download helper can fetch arbitrary URLs and write to unsafe local paths if given crafted filenames.

Review before installing. Use it only in a project directory you control, run the helper scripts manually, and avoid untrusted URLs or filenames containing slashes, absolute paths, or '..'. Ideally patch the downloader to restrict URL schemes, block private/internal hosts, limit file size and type, prevent overwrites, and force all downloads to stay inside the chosen asset folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill instructs the agent to create local project files and download remote assets, which are code-capable behaviors that should be explicitly declared and permission-gated. Without declared permissions, users and hosting systems may not realize the skill can write to disk and access the network, increasing the chance of silent filesystem changes or unreviewed remote content retrieval.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The stated purpose is asset management, but the workflow also includes fetching remote resources from user-provided URLs and storing them locally. That behavioral expansion matters because network retrieval introduces additional risks such as SSRF-style access to internal endpoints, malicious content ingestion, and unexpected local persistence beyond what a user may infer from the description.

Vague Triggers

Severity: Medium
Confidence: 72%
Finding: The trigger phrases are broad enough that the skill could activate in loosely related conversations, causing the agent to steer into filesystem or download workflows unexpectedly. In a skill that can create files and fetch URLs, unintended invocation raises the risk of actions being proposed or initiated outside the user's actual intent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: These instructions direct the agent to create asset files and directories and download reference material to local storage, but there is no explicit warning or consent step about filesystem modifications. That is dangerous because users may not expect persistent local changes, and downloaded material from arbitrary URLs can introduce harmful or inappropriate content into the environment.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.