Back to skill

Security audit

Video Generator CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward command guide for a video generator, with disclosed cleanup behavior but no hidden installer, persistence, or unrelated access.

Before installing, be aware that npm run generate and npm run build are fresh-start commands that remove prior generated cache, video, and audio outputs. Use the resume or segment commands when you want to preserve existing work, and avoid processing confidential scripts unless you are comfortable with any external stock-footage or voiceover services involved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents commands that intentionally delete cache and output directories as part of normal operation, but it does not present an explicit caution section warning agents that prior artifacts will be removed. In an agent-executed context, omission of that warning increases the chance of unintended data loss because an automated system may treat `generate`/`build` as safe default actions without confirming destructive side effects.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.