Back to skill

Security audit

Video Download Archive

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but it downloads files and writes video/archive metadata to a fixed Feishu table while relying on an unbundled hard-coded local helper script.

Review before installing. Only use this if you trust the publisher, verify or replace the hard-coded ytfetch.sh helper, and confirm the Feishu app token/table are yours or intentionally shared. Expect downloaded video files plus URLs, descriptions, uploader data, and full local file paths to be written to the configured Feishu table.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly relies on shell execution (`scripts/run_video_archive.py`) and network access (`yt-dlp`, Feishu API workflow) but does not declare corresponding permissions. Undeclared capabilities weaken review and runtime trust boundaries, making it easier for a skill to perform sensitive actions without clear user or platform visibility.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The script embeds Feishu Bitable identifiers and emits a fully prepared record payload containing local file paths, URLs, metadata, and descriptive content. Hardcoding integration parameters and packaging sensitive local/remote data increases the chance of unintended data exposure or unauthorized reuse of the integration context, especially in an agent skill that may be invoked on untrusted content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script returns sensitive environment-derived data including absolute local file paths, uploader links, and full metadata/description blobs. In an agent context, emitting this data can leak host filesystem structure and collected remote content into logs, downstream tools, or callers that do not need it.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.