Back to skill

Security audit

Fitness Recipes AI

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but it includes a hard-coded paid-service API key and under-specified public posting/automation behavior that users should review before installing.

Review before installing. Remove and rotate the embedded ElevenLabs key, use only your own scoped provider keys with spending limits, verify ffmpeg/Pillow dependencies, avoid sensitive or private content in prompts or media, and do not enable cron or provide Postiz/TikTok credentials unless you have reviewed the posting path and want automated public publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tainted flow: 'video_url' from requests.get (line 155, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
output_dir.mkdir(parents=True, exist_ok=True)
                    output_path = str(output_dir / f"video_{render_id}.mp4")
                
                video_response = requests.get(video_url)
                with open(output_path, "wb") as f:
                    f.write(video_response.content)
Confidence
92% confidence
Finding
video_response = requests.get(video_url)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly states that it can post videos to TikTok via Postiz, but the description does not present this as a clear safety-relevant capability or warn users that running the workflow may trigger publication to an external social platform. This creates a meaningful risk of unintended outbound actions, account misuse, or reputational harm if a user enables or misunderstands the optional posting behavior.

Missing User Warnings

High
Confidence
99% confidence
Finding
A live ElevenLabs API key is hardcoded directly in source code, making secret exposure highly likely through source sharing, logs, backups, or repository history. Anyone obtaining the file can reuse the credential to consume paid API resources, impersonate the application, or access associated account capabilities.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The function sends arbitrary input text to a third-party TTS provider, but the docstrings/comments do not clearly disclose that user content leaves the local environment. In workflows where recipe names or scripts may contain sensitive or proprietary data, this can cause unintended data exposure to an external service.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This skill sends user-provided media references to a third-party video-rendering service but does not provide any explicit notice, consent flow, or privacy guardrails. In the context of an agent skill that may process local user assets, silent external transfer increases privacy and data-handling risk, especially if users assume processing is local.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.