生成短视频分镜脚本_无限

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it opens DeepSeek in Chrome and submits the user's narration to generate a short-video storyboard script.

Install only if you are comfortable sending the narration text to DeepSeek through Chrome. Avoid confidential, personal, regulated, or proprietary narration unless that transfer is acceptable, and consider using a browser profile without sensitive active sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to send user-provided narration text to chat.deepseek.com, a third-party service, without any notice, consent flow, data classification guidance, or restrictions on sensitive content. This creates a real privacy and data-governance risk because users may provide confidential scripts, personal data, or proprietary material that is then transmitted externally without informed approval.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal