DreamAPI Skill

Security checks across malware telemetry and agentic risk

Overview

This is a real DreamAPI media tool, but it needs review because it uploads sensitive media to a third-party service and enables face, voice, and watermark manipulation without adequate consent or rights guardrails.

Install only if you trust DreamAPI/Newport AI and the skill publisher with your API key, credit usage, prompts, and any media you provide. Do not upload private, confidential, third-party, or biometric face/voice/video content unless you hold the necessary consent and rights. Use a revocable API key, review any generated public URLs before sharing them, and ask the agent to confirm before it uploads files or starts multi-step jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (32)

MCP Least Privilege

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions even though it clearly requires environment access, local file read/write, network access, and shell execution through Python scripts. This creates a transparency and governance gap: users and hosting platforms cannot accurately assess what the skill can access before use, which increases the risk of over-privileged execution and unexpected data exposure.
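One way to surface the "underdeclared capability" gap this finding describes is to statically infer what a skill's Python scripts actually touch and diff that against its declared permissions. The script below is an added example written for this review; it is not part of the DreamAPI skill, of SkillSpector, or of any real manifest format. The capability vocabulary (env, network, shell, fs_read, fs_write), the import/attribute map, and the sample script are constructed for the example.

```python
"""Added example: compare a skill's declared permissions against the
capabilities its Python scripts exercise. Illustrative only; the
capability names and the sample script are constructed, and a real
skill manifest may use a different vocabulary.
"""
import ast

# Constructed map from imported modules to the capability they imply.
IMPORT_CAPS = {
    "subprocess": "shell",
    "requests": "network",
    "urllib": "network",
    "http": "network",
    "socket": "network",
}

# Constructed map from (module, attribute) accesses to capabilities.
ATTR_CAPS = {
    ("os", "environ"): "env",
    ("os", "getenv"): "env",
    ("os", "system"): "shell",
    ("os", "popen"): "shell",
}


def infer_capabilities(source: str) -> set:
    """Walk the AST and collect the capabilities the code uses."""
    caps = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                cap = IMPORT_CAPS.get(alias.name.split(".")[0])
                if cap:
                    caps.add(cap)
        elif isinstance(node, ast.ImportFrom) and node.module:
            cap = IMPORT_CAPS.get(node.module.split(".")[0])
            if cap:
                caps.add(cap)
        elif isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
            cap = ATTR_CAPS.get((node.value.id, node.attr))
            if cap:
                caps.add(cap)
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id == "open"):
            # open() with a write/append/exclusive/update mode is a write,
            # anything else (including the default) is a read.
            mode = "r"
            if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                mode = str(node.args[1].value)
            for kw in node.keywords:
                if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                    mode = str(kw.value.value)
            caps.add("fs_write" if any(c in mode for c in "wax+") else "fs_read")
    return caps


def underdeclared(declared, source: str) -> set:
    """Capabilities the code uses that the manifest does not declare."""
    return infer_capabilities(source) - set(declared)


# Constructed sample resembling the behaviour the finding describes:
# env access, local file read, network transmission, shell execution.
SAMPLE_SCRIPT = '''
import os, subprocess, requests

def upload(path):
    key = os.environ["DREAMAPI_KEY"]
    with open(path, "rb") as f:
        requests.post("https://example.invalid/upload", data=f.read(),
                      headers={"Authorization": key})
    subprocess.run(["ffprobe", path])
'''

if __name__ == "__main__":
    # The finding: the skill declares no permissions at all.
    print("undeclared:", sorted(underdeclared(set(), SAMPLE_SCRIPT)))
```

A hosting platform can run this over every script in a skill and refuse to install when the set is non-empty; the same diff, inverted, also flags wildcard or over-broad declarations that nothing in the code uses.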

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The documentation exposes a watermark-removal feature as a standard video editing tool without any authorization, rights-verification, or acceptable-use boundaries. Watermark removal can facilitate copyright circumvention, attribution stripping, and misuse of protected media, so presenting it without safeguards materially increases abuse risk.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script exposes a dedicated watermark-removal capability, which is a high-risk feature because it can facilitate copyright circumvention and removal of provenance or ownership indicators from media. In the context of a general creative media skill, offering this operation without strong policy guardrails, justification, or abuse prevention materially increases misuse potential.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes face swapping and voice cloning of potentially real people without any mention of consent, authorization, privacy, or misuse safeguards. In the context of an agent skill that simplifies powerful media operations into natural-language requests, this omission increases the likelihood of non-consensual impersonation, deceptive media creation, and privacy harm.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill states that local image/audio/video files are auto-uploaded, but it does not present a clear user warning about external transmission, retention, or privacy consequences at the point of use. Because these media files may contain sensitive personal data, silent or poorly disclosed upload behavior can lead to unintended disclosure to a third-party service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill offers voice cloning and cloned-voice TTS without any warning about consent, impersonation, or the sensitivity of biometric voice data. In context, this is more dangerous because the tool is designed to operationalize cloning directly, making abuse for fraud, deception, or non-consensual replication straightforward.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill promotes face-swap capabilities without warning about consent, identity misuse, or deceptive media creation. Given that the skill is a media-generation toolkit and presents face swapping as a normal workflow option, the absence of safeguards increases the likelihood of non-consensual manipulation, harassment, or impersonation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation describes commands that accept local media paths and URL inputs for avatar-generation endpoints, but it does not clearly warn users that those files may be transmitted to a third-party external API. This can lead to inadvertent disclosure of sensitive audio, video, biometric, or personal data, especially because avatar and voice-related media often contain highly sensitive identity information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation instructs users to submit images, masks, and face photos to remote DreamAPI endpoints but does not warn that these assets may be transmitted to and processed by a third-party service. Because the supported operations include face-related editing and background removal, users may unknowingly upload sensitive biometric or personal images, creating privacy and compliance risk.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The documentation explicitly supports supplying an image by URL or local path, which implies user images may be uploaded or transmitted to an external service, yet it provides no warning about privacy, retention, or sensitive content handling. In an AI media-generation skill, users may submit personal photos, IDs, faces, or proprietary images, so the omission can lead to unintended disclosure or unsafe use of sensitive data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation states that local file paths are uploaded automatically to cloud storage and that the resulting output is a public URL, but it does not clearly warn users that local data will leave their machine and may become publicly accessible. In an agent/tooling context, this can cause unintentional exfiltration of sensitive files because users may pass local paths expecting local-only processing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file documents face swapping and watermark removal as routine capabilities without warnings about consent, impersonation, copyright, or unauthorized media manipulation. In this skill context, those omissions make potentially high-risk media manipulation features easier to misuse and normalize unsafe use.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly allows users to provide a local path or URL for an image that will be sent to a remote video-generation API, but it does not warn that the image content and prompt data leave the local environment. This can lead users to upload sensitive files or internal-only image URLs without understanding the privacy and data exposure implications.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section describes sending starting and ending frame images plus a text prompt to a remote endpoint, but omits any warning that these assets are uploaded or otherwise disclosed to a third-party service. Because users may supply sensitive local images or internal URLs, the missing disclosure increases the risk of unintended data leakage and privacy violations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explicitly enables voice cloning from an audio sample but provides no warning about consent, privacy, impersonation risk, or the fact that samples are sent to a remote API endpoint. In a skill that makes cloning operationally easy, this omission can facilitate unauthorized biometric voice use and deceptive synthesis, increasing misuse risk even if the feature itself is not inherently malicious.

Missing User Warnings

Low
Confidence
72% confidence
Finding
During login, the tool automatically sends the provided API key to the remote service for verification, but the interactive flow does not explicitly warn the user that their pasted secret will be transmitted immediately. In a security-sensitive CLI, lack of explicit disclosure can surprise users and increases the risk of unintended secret exposure if they expected local-only storage.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code accepts a local path for --src-video and passes it through resolve_local_file into a request body sent to DreamAPI, meaning local media may be uploaded to a remote service. This is not overtly malicious, but it creates a real privacy and data-transmission risk because users may not realize that supplying a filesystem path causes file contents to leave the machine.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The --audio parameter also allows local paths and is resolved for remote submission, so locally stored audio may be transmitted off-host without explicit user warning. Audio often contains sensitive personal or biometric information, making undisclosed upload more serious in an avatar-generation context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
DreamAvatar accepts a local image path and resolves it for API submission, so personal images can be uploaded to the remote provider without clear disclosure in the tool behavior. Because avatar workflows commonly involve face photos, the privacy sensitivity is elevated even though the implementation appears intended functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The DreamAvatar audio input may be read from a local path and uploaded to the external API without an explicit disclosure step. In this context, voice data may be highly sensitive and can expose identity or other private information, so silent transmission is a meaningful privacy vulnerability.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Dreamact --video argument supports local paths and forwards the resolved file for remote processing, which can upload local recordings without explicit disclosure. Since driving videos may contain people, locations, or other sensitive content, lack of warning creates a real confidentiality concern.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The images list is built by resolving each supplied local path for remote submission, so one or more local reference images may be uploaded externally without clear user disclosure. In an avatar/face-generation tool, those images are likely to be personal and therefore materially sensitive.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The image2image flow accepts a local file path and passes it through resolve_local_file(args.image), which likely uploads local content to DreamAPI for processing. In a CLI that handles user media, this behavior is expected, but the lack of an explicit user-facing warning or confirmation increases the risk of users unintentionally transmitting sensitive local files to a remote service.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
These code paths accept local video/image paths and transparently resolve them for upload to a remote API, but the user is not clearly warned that local media will be transmitted off-device. This creates a privacy and data-handling risk, especially for sensitive personal videos, biometric face images, or proprietary media.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The watermark-removal flow accepts a local or remote video and sends it to a remote service without any safety or privacy warning. Because this feature is already abuse-prone, the lack of disclosure compounds the risk by enabling users to unknowingly transmit sensitive or unauthorized content for potentially improper processing.
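The findings above repeatedly describe the same missing control: a local path handed to a media argument is resolved and transmitted with no disclosure or confirmation step, and the Overview recommends that the agent confirm before uploads. The code below is an added example of what that gate can look like; it is not the skill's own resolve_local_file and is not DreamAPI code. The function names, the confirm callback, the fake uploader, the size ceiling, and the sample file are all assumptions constructed for the example.

```python
"""Added example: refuse to send local media off-host until the user has
seen what will be transmitted and approved it. Illustrative only; not
the skill's resolve_local_file. Names, limits and sample data are
constructed for this example.
"""
import hashlib
from pathlib import Path
from urllib.parse import urlparse

MAX_UPLOAD_BYTES = 200 * 1024 * 1024  # assumed ceiling for the example


class UploadDeclined(Exception):
    """Raised when the user does not approve an off-host transfer."""


def classify_input(value: str) -> str:
    """'url' for http(s) inputs the remote service fetches itself,
    'local' for anything else (treated as a filesystem path)."""
    parsed = urlparse(value)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return "url"
    return "local"


def describe_transfer(path: Path) -> dict:
    """The facts a user needs before approving: which file, how large,
    and a digest they can match against what the provider stored."""
    data = path.read_bytes()
    return {"path": str(path.resolve()), "bytes": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}


def resolve_media_input(value: str, destination: str, confirm, uploader):
    """Resolve a CLI media argument for a remote call.

    URLs pass through unchanged. Local paths are read and handed to
    `uploader(data, destination)` only after `confirm(notice)` returns
    True; on decline nothing leaves the machine.
    """
    if classify_input(value) == "url":
        return value
    path = Path(value)
    if not path.is_file():
        raise FileNotFoundError(value)
    info = describe_transfer(path)
    if info["bytes"] > MAX_UPLOAD_BYTES:
        raise ValueError(f"refusing to upload {info['bytes']} bytes "
                         f"(limit {MAX_UPLOAD_BYTES})")
    notice = (f"About to upload {info['path']} ({info['bytes']} bytes, "
              f"sha256 {info['sha256'][:12]}...) to {destination}. The "
              f"provider may retain it and return a public URL. Proceed?")
    if not confirm(notice):
        raise UploadDeclined(info["path"])
    return uploader(path.read_bytes(), destination)


def run_demo() -> dict:
    """Exercise pass-through, decline and approve with a constructed
    sample file and an uploader that only records what it was given."""
    import tempfile
    sent = []

    def fake_uploader(data: bytes, destination: str) -> str:
        sent.append((destination, len(data)))
        digest = hashlib.sha256(data).hexdigest()[:16]
        return f"https://cdn.example.invalid/{digest}"

    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "face.jpg"
        # Constructed bytes with a JPEG-like prefix; not a real photo.
        sample.write_bytes(b"\xff\xd8\xff\xe0" + b"constructed sample")
        out["url_passthrough"] = resolve_media_input(
            "https://example.invalid/clip.mp4", "DreamAPI",
            lambda notice: False, fake_uploader)
        try:
            resolve_media_input(str(sample), "DreamAPI",
                                lambda notice: False, fake_uploader)
            out["declined"] = False
        except UploadDeclined:
            out["declined"] = True
        out["sent_after_decline"] = len(sent)
        out["approved"] = resolve_media_input(
            str(sample), "DreamAPI", lambda notice: True, fake_uploader)
        out["sent_after_approve"] = len(sent)
    return out


if __name__ == "__main__":
    print(run_demo())
```

In an agent setting the confirm callback is the point where the agent surfaces the notice to the human rather than answering it itself; wiring it to an auto-yes reintroduces exactly the silent-upload behaviour the findings describe.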

VirusTotal

67/67 vendors rated this skill clean.

View on VirusTotal