发布快手短视频_无限

Security checks across malware telemetry and agentic risk

Overview

This skill is built to publish Kuaishou videos, but it lets the agent complete a public post and change download permissions without requiring a final user confirmation.

Install only if you are comfortable letting an agent operate a signed-in Kuaishou Creator account. Before use, require it to show the selected account, video file, title, description, tags, cover choice, AI-content declaration, and download setting, then wait for your explicit approval before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill automates publication of content to an external creator account and changes a distribution/privacy-related setting ('allow download') without an explicit user confirmation step immediately before the side effect. In an agent setting, this can lead to unintended account actions, reputational harm, or unauthorized posting if the invocation context is ambiguous, especially because the skill emphasizes self-resolving prompts rather than asking the user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal