Video Craft Pro

Security checks across malware telemetry and agentic risk

Overview

This is a short-form video writing helper with no evidence of hidden access, credential use, persistence, or destructive behavior.

Safe to install as a content-generation helper. Review generated scripts, captions, hashtags, and platform suggestions before publishing, and avoid sharing confidential campaign material unless your agent environment is approved for that data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The manifest description "融合技能" is too generic to communicate what the skill does or when it should be invoked. In agent ecosystems, vague activation scope can cause the skill to be selected in inappropriate contexts, increasing the chance of unintended access to user data, misleading outputs, or execution in workflows it was not meant to handle.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal