Back to skill

Security audit

Video Fetch Download

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its cloud-download purpose, but its setup understates system-level changes and asks users to handle powerful cloud account credentials.

Review the installer before running it, especially on a machine you use for other work. Expect possible OS package installation, pip installation, shell profile PATH edits, local video staging under /tmp, and stored cloud credentials. Use a dedicated account or isolated environment if possible, verify the rclone destination before downloads, and protect or rotate any Quark cookie or rclone token if it is exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The installer comments explicitly claim only user-local installation and no system-wide changes, but the script later installs packages through apt/yum and modifies shell profile files. This is dangerous because it misrepresents the scope of changes, undermines informed consent, and can cause users to run a script with privileges or trust assumptions they would not otherwise grant.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The user-facing banner says 'no system paths modified' while the script performs apt-get/yum installs and later appends to shell profile files, which are persistent environment changes. Misleading prompts in an installer are risky because they conceal privileged or persistent actions that affect the host beyond the advertised user-local scope.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The guide states that authentication credentials are automatically written into the rclone configuration but does not warn that these credentials are sensitive, persistent secrets. This can lead users to store long-lived access tokens in default config locations without understanding the need for filesystem protections, backup hygiene, or secret rotation if the host is shared or compromised.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script silently reads 115drive credentials from the user's rclone config and converts them into an authenticated cookie for P115Client. Even though this appears intended for convenience, it accesses sensitive local secrets without explicit notice or consent, which can surprise users and increases the blast radius if the script is reused, modified, or run in a less trusted environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script appends PATH changes to ~/.bashrc, ~/.bash_profile, or ~/.profile without explicit consent at the moment of modification. Silent persistence changes are security-relevant because they alter future command resolution and can unexpectedly prioritize user-writable binaries in later sessions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The installer performs non-interactive apt/yum and pip operations without an explicit confirmation checkpoint, which can unexpectedly modify the system and pull code from external repositories. In a security context, unattended package installation increases risk because users may not realize they are authorizing persistent software changes and network-sourced code execution.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script loads a full authenticated Quark cookie from disk and attaches it to all requests, but provides no warning that this cookie is effectively a bearer credential that grants account access. If the file is exposed through weak filesystem permissions, backups, logs, or accidental sharing, an attacker could reuse the cookie to access the user's cloud-drive account.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The login instructions tell users to copy their complete browser Cookie header into a plaintext file without explaining the security consequences. A full session cookie can allow account takeover for as long as it remains valid, so encouraging this practice without safeguards materially increases credential theft risk.

External Script Fetching

High
Category
Supply Chain
Content
# Windows: download from https://rclone.org/install/

# Linux
curl https://rclone.org/install.sh | sudo bash
```

**Step 2 — Run the authorization wizard locally:**
Confidence
93% confidence
Finding
curl https://rclone.org/install.sh | sudo bash

Chaining Abuse

High
Category
Tool Misuse
Content
# Windows: download from https://rclone.org/install/

# Linux
curl https://rclone.org/install.sh | sudo bash
```

**Step 2 — Run the authorization wizard locally:**
Confidence
95% confidence
Finding
| sudo

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.