Open Animate

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a normal video and animation helper, with expected use of rendering and AI asset services but no evidence of hidden or harmful behavior.

Install this if you want an agent to help create or render animations/videos. Before using cloud rendering or AI asset generation, assume prompts, media, and project files may leave your machine, and avoid using confidential or proprietary content unless you are comfortable with the referenced services and their terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill description is very broad and can cause the agent to invoke this skill for a wide range of ordinary creative requests without clear constraints or user awareness. In practice, that increases the chance of unnecessary tool activation, package installation, and downstream external actions such as rendering or asset generation when a simpler local response would suffice.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs use of cloud rendering and AI asset generation commands that inherently send prompts, media, or project data to external services, but it provides no warning or consent boundary around network transmission. In an agent setting, this can lead to unintentional disclosure of sensitive user content, proprietary assets, or metadata to third-party providers.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal