Baidu Wenku AI picture book of video

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Baidu picture-book generator that uses a Baidu API key and sends story text to Baidu as expected for its purpose.

Install only if you are comfortable sending the story prompt and related task data to Baidu's external service using your BAIDU_API_KEY. Avoid secrets, private personal data, unpublished confidential material, or regulated content unless your data-sharing requirements allow it, and treat returned video URLs as external links.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill requires environment access to `BAIDU_API_KEY` and performs networked API calls, but it does not explicitly declare permissions or warn users about those capabilities. This reduces transparency and informed consent, making it easier for sensitive user-provided story content or API-backed actions to be sent off-platform without clear disclosure.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs users to submit arbitrary story content to a remote Baidu service and later returns external video URLs, but it does not warn that prompts may leave the local environment or that results are hosted remotely. In contexts involving proprietary, personal, or regulated content, this omission can lead to unintentional data disclosure and unsafe handling of untrusted external links.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal