Jable Downloader Lite

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Jable.tv video downloader with disclosed local downloads and no evidence of hidden data theft, persistence, or privilege escalation.

Install only if you are comfortable with an agent running yt-dlp/ffmpeg, accessing Jable.tv, and saving downloaded adult videos under your Videos folder or a chosen directory. Review the requested number of downloads and destination first, especially on shared machines.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill describes capabilities that require network access, shell execution, and filesystem interaction, yet it declares no permissions or trust boundaries. This creates a mismatch between what the skill appears allowed to do and what it instructs the agent to perform, increasing the risk of silent downloads, command execution through helper tools like yt-dlp/ffmpeg, and writes into user directories without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal