Security audit

发布短视频到多平台_无限 (Publish Short Videos to Multiple Platforms_Unlimited)

Security checks across malware telemetry and agentic risk

Overview

This skill automates uploads to live social-media accounts but is unclear about which platforms it actually publishes to and which only receive a saved draft.

Review carefully before installing. Only use it if you understand that Kuaishou is published live while Douyin and Xiaohongshu are saved as drafts, and require the agent to confirm the video file, target accounts, settings, and final action for each platform before it starts browser automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The skill advertises end-to-end publishing to three platforms, but the documented steps only actually publish to Kuaishou while leaving Douyin and Xiaohongshu as drafts. This mismatch can cause users or downstream agents to believe content was fully distributed when it was not, creating operational failure, misleading audit trails, and unintended business or compliance consequences.

Intent-Code Divergence

High
Confidence: 98%
Finding
The documentation is internally contradictory: it repeatedly claims publication to all three platforms, yet later instructs the agent not to publish on Douyin and Xiaohongshu. In an automation context, such contradictions are dangerous because operators may rely on the headline behavior while the actual execution silently diverges, leading to incomplete campaigns and confusion over what actions were taken.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrases are broad enough to match generic requests like multi-platform publishing or batch video posting, even when the user's intent may differ from this exact three-platform, ordered workflow. That increases the chance the skill is invoked in the wrong context and performs real browser automation, uploads, and account-affecting actions the user did not specifically authorize.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill performs real-world external actions: uploading media, changing download permissions, adding AI-content declarations, selecting groups, and publishing or drafting posts. Without an explicit warning and confirmation gate, a user may trigger consequential account actions without understanding the scope, making accidental publication, privacy-setting changes, or unwanted distribution more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.