Hu Tian OPC Mentor Video Subtitle Tool

Security checks across malware telemetry and agentic risk

Overview

This video dubbing skill does what it claims, but it embeds a Coze bearer token and sends user video/text data to a third-party workflow with limited user-facing disclosure.

Review before installing. Do not use this skill with private or sensitive videos unless you are comfortable sending a public video URL and subtitle text to Coze. The publisher should remove and rotate the embedded bearer token, require credentials from secure configuration, and add a clear privacy notice before processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill invokes a Python script that uses requests and therefore has outbound network capability, yet the manifest does not declare corresponding permissions or clearly disclose them. Hidden network/env access weakens reviewability and can lead to unexpected data handling or secret usage without informed approval.

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is simple video dubbing/subtitling, but the implementation behavior includes sending user-provided video URLs, subtitle text, and voice parameters to an external Coze API using a hardcoded authentication token. This creates both a sensitive-data disclosure risk and a credential-exposure risk that is materially beyond the declared functionality.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The user interaction text tells users to upload a video file, while the operational steps require a publicly accessible video URL. This mismatch can cause users to reveal or transform content in unsafe ways, such as rehosting private media to public endpoints to satisfy the workflow, increasing unintended exposure.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script contains a hardcoded bearer token and uses it to authenticate outbound requests to an external Coze workflow service. Embedding live credentials in source code is dangerous because anyone with code access can reuse the token to access the external service, incur costs, exfiltrate data, or abuse the associated account.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill does not clearly warn users that their video URL, subtitle text, and related parameters will be transmitted to an external Coze workflow/API. This lack of transparency undermines informed consent and can expose user content or metadata to third-party processing unexpectedly.

Missing User Warnings

High
Confidence
99% confidence
Finding
A hardcoded bearer token is sent in the Authorization header during network transmission, which creates a direct credential exposure and unauthorized service access risk. Because the skill processes user-supplied video URLs and text, misuse of the token could enable third parties to submit arbitrary jobs through the linked workflow without user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.