Security audit

Videoinu

Security checks across malware telemetry and agentic risk

Overview

This Videoinu skill largely matches its stated purpose, but needs review because it can send your access token to arbitrary download links and can auto-approve agent actions.

Install only if you trust this Videoinu integration with your account token and project data. Avoid direct downloads from untrusted URLs, avoid --auto-approve unless the graph and agent actions are low-risk, and upload only files you intend to share with Videoinu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 96%
Finding
The skill documents and encourages capabilities that touch environment variables, local files, network access, and shell execution, but it does not declare permissions or safety boundaries for those actions. This creates a transparency and consent gap: an agent or user may invoke behavior with broader effects than expected, including reading credentials, uploading files, or writing local state.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill promotes uploading local files and downloading remote content without a prominent warning that data will leave the local environment and that downloads will write files locally. In an agent setting, this can lead to accidental exfiltration of sensitive files or unexpected filesystem changes if the user is not clearly informed before execution.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example uses `--auto-approve` for agent processing without warning that tool calls may be executed without human review. Because the agent can operate on graph nodes and potentially trigger actions through tools or workflows, auto-approval materially increases the risk of unintended modifications, data transfer, or destructive operations.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script exposes a flag that automatically approves all tool execution requests, removing the human-in-the-loop safeguard intended for potentially sensitive agent actions. In this Videoinu agent-chat context, tools may access files, run workflows, or take actions on user projects, so enabling blanket approval can let prompt injection or a compromised agent perform unintended operations without review.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script writes remote content directly to local files and automatically attaches an authenticated Cookie header to every requested URL. If the URLs come from graph data or are supplied directly via --urls, this can cause unintended outbound authenticated requests and local file writes without any confirmation, increasing the risk of credential leakage to untrusted hosts, SSRF-like access to internal resources reachable from the runner, and persistence of malicious payloads on disk.

Missing User Warnings

Medium
Confidence: 94%
Finding
This script exports graph structure, node content, asset URLs, metadata, notes, labels, and operation errors directly to stdout with no consent prompt, redaction, or sensitivity checks. In the context of a Videoinu project-management skill, graphs can reasonably contain proprietary workflow data, internal URLs, embedded text content, and other sensitive project details, so unrestricted printing increases the risk of accidental disclosure through logs, terminal history, downstream agent outputs, or copied transcripts.

Missing User Warnings

Medium
Confidence: 91%
Finding
This script transmits local file contents to remote Videoinu-controlled endpoints, and for text files it reads and sends the entire content directly, but it provides no explicit user-facing warning, confirmation, or sensitivity check before exfiltrating data. In a file-management/upload skill this behavior is expected, but it is still a real security/privacy issue because users may upload secrets, credentials, proprietary documents, or personal data without clear notice that the contents are being sent off-host.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.