Back to skill

Security audit

Jiuma AI Video Generation (Free)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Jiuma media-generation integration, but it needs Review because it stores account tokens, uploads arbitrary local files, and includes risky authorization-code handling in its instructions.

Install only if you trust Jiuma and this package owner. Use your own fresh authorization flow, do not reuse the sample identification code, verify every file path before upload, avoid sensitive/private media unless you intend to send it to Jiuma, and remove the jiuma_ai authorized_token keyring entry when you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill tells users to upload local files to an external platform to obtain URLs, but it does not warn that local content will leave the user's environment and be processed by a third party. This is dangerous because users may upload sensitive images, videos, or audio without informed consent, creating privacy, confidentiality, and compliance risks.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The authorization flow requests an identification code and channel for a third-party service but does not explain that this may link the user's account, session, or identity with the external platform. Without clear disclosure, an agent or user may unknowingly share identifying information and establish persistent linkage across systems.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script retrieves a bearer token from the local keyring and automatically transmits it to a remote API without any user confirmation, warning, or scope restriction at the point of use. In an agent-skill context, this is risky because a skill can silently exercise previously granted credentials, causing unintended authenticated actions or disclosure of account-linked data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script reads an arbitrary local file path and silently uploads that file to a remote service using a bearer token retrieved from the local keyring. Because there is no user-facing disclosure, confirmation, allowlist, or restriction on what may be uploaded, an agent or user could unintentionally exfiltrate sensitive local data to a third-party API.

Ssd 3

High
Confidence
98% confidence
Finding
The documentation includes a concrete identification code in an example authorization command, which creates a serious risk that an agent or user will reuse a real credential embedded in the skill text. If valid, this could authorize actions under another account, expose linked account data, or enable unauthorized use of the external service.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instruction to obtain the identification code from conversation history encourages the agent to search for and reuse sensitive user-provided data beyond the immediate request. This increases the chance of improper credential handling, unintended retention, and unauthorized replay of authentication material with the third-party service.

Credential Access

High
Category
Privilege Escalation
Content
token = keyring.get_password("jiuma_ai", "authorized_token")
        if token and len(token) > 20:  # 基本验证token长度
            return token
    except (keyring.errors.KeyringError, FileNotFoundError) as e:
        print(e)
        pass
    return None
Confidence
70% confidence
Finding
keyring

Credential Access

High
Category
Privilege Escalation
Content
token = keyring.get_password("jiuma_ai", "authorized_token")
        if token and len(token) > 20:  # 基本验证token长度
            return token
    except (keyring.errors.KeyringError, FileNotFoundError) as e:
        print(e)
        pass
    return None
Confidence
70% confidence
Finding
Keyring

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.