Security audit

Video Remove Background

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it stores and reuses Bria credentials in a plaintext local file and uploads videos to Bria for remote processing.

Review this before installing if you work with private videos or shared machines. Only use it with videos you are comfortable sending to Bria, and consider deleting or protecting ~/.bria/credentials after use because it may contain reusable Bria tokens in plaintext.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill contains executable shell workflows but does not declare corresponding permissions or capability boundaries. This creates a transparency and governance gap: an agent may read files, invoke curl, and persist data locally without users or the platform being clearly informed of those behaviors.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script automatically reads an API token from ~/.bria/credentials without explicit user opt-in at call time. In an agent or shared execution environment, this can cause unintended credential use and external API access, expanding the script's authority beyond the immediate user input and making secret usage less visible and auditable.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The authentication flow instructs the agent to read cached credentials, obtain access and refresh tokens, introspect them, and store/reuse them from ~/.bria/credentials, but it provides no explicit warning or consent step for local credential persistence. Persisting bearer and refresh tokens in a predictable plaintext path materially increases the risk of token theft, unintended reuse across sessions, and lateral compromise by other local processes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to upload local video files or submit video URLs to Bria's external service, but it does not require an explicit user warning that potentially sensitive media will leave the local environment. This can expose private, regulated, or proprietary video content to a third party without sufficiently informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference explicitly instructs users to upload local videos to a third-party service and notes that the resulting upload and file URLs are unauthenticated secrets, but it does not include a clear user-facing privacy or data-handling warning. This can lead agents or integrators to send sensitive local video content off-device without informed consent, creating confidentiality and compliance risks.

Credential Access

High
Category
Privilege Escalation
Content
## Setup — Authentication

Before making any API call, you need a valid Bria access token.

### Step 1: Check for existing credentials
Confidence
98% confidence
Finding
access token

Session Persistence

Medium
Category
Rogue Agent
Content
if [ -n "$ACCESS_TOKEN" ]; then
    BRIA_ACCESS_TOKEN="$ACCESS_TOKEN"
    REFRESH_TOKEN=$(printf '%s' "$TOKEN_RESPONSE" | sed -n 's/.*"refresh_token" *: *"\([^"]*\)".*/\1/p')
    mkdir -p ~/.bria
    printf 'access_token=%s\nrefresh_token=%s\n' "$BRIA_ACCESS_TOKEN" "$REFRESH_TOKEN" > "$HOME/.bria/credentials"
    echo "AUTHENTICATED"
    break
Confidence
95% confidence
Finding
mkdir -p ~/.bria

VirusTotal

VirusTotal findings are pending for this skill version.
