suspicious.env_credential_access
- Location
- aigc-claw/frontend/lib/workflowApi.ts:10
- Finding
- Environment variable access combined with network send.
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.insecure_tls_verification
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
OpenAI, Gemini, DashScope, Volc/Kling, or other provider keys could be exposed in chat logs, agent context, or debugging output.
The required pre-flight check would print API-key lines from the user's .env file into the agent/session context instead of only checking whether keys are configured; registry metadata also declares no required env vars or primary credential.
cat aigc-claw/backend/.env | grep -E "API_KEY|KEY"
Replace this with a redacted presence check, declare the expected credentials, and never display full secret values to the agent or user.
If real provider keys are embedded in the package, they could grant unintended account access or incur usage costs for whoever owns those keys.
The static scan reports possible hardcoded API secret literals here and in multiple other provider clients; the snippets are redacted, so the exact value should be manually verified.
self._official_client = OpenAI(api_key=[REDACTED], **kwargs)
Inspect all redacted secret findings, remove any literal credentials from source, rotate exposed keys, and load credentials only from user-controlled environment variables or secret storage.
Other devices or web pages on the same network could call workflow APIs, consume model credits, alter sessions, or fetch generated files if the service is reachable.
The backend enables broad cross-origin access and statically serves the whole CODE_DIR; combined with the skill's instruction to share a local IPv4 URL, the local tool may be reachable beyond the user's own browser.
allow_origins=["*"],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
...
app.mount("/code", StaticFiles(directory=settings.CODE_DIR), name="code")
Bind to 127.0.0.1 by default, add authentication for workflow APIs, restrict CORS to the frontend origin, and statically serve only the specific generated-media directory needed by the UI.
Private ideas, prompts, generated media metadata, and workflow state may remain on disk and could be exposed through the local web service if access is not restricted.
Session state and artifact metadata are persisted under backend/code; api_server.py mounts settings.CODE_DIR at /code, so persisted session data may sit inside a statically served tree.
Session state and artifact metadata are stored under the `aigc-claw/backend/code/data/sessions/` directory
Store session state outside the static web root, document retention and cleanup, and require authentication before serving session metadata or generated private assets.
A network attacker could tamper with downloaded media or responses used in the video workflow.
The static scan shows HTTPS certificate verification disabled during image processing or download, which is not required by the stated purpose.
verify=False,
Remove verify=False, validate certificates by default, and only allow an explicit documented override for controlled troubleshooting.
Dependency installation can run third-party code on the user's machine if the manifests or packages are compromised.
The local app requires user-directed Python and npm dependency installation; this is normal for the project, but the registry lists the source as unknown and there is no install spec.
pip install -r requirements.txt ... npm install
Install in an isolated virtual environment, review dependency manifests and lockfiles, and prefer a known source/provenance before running the services.