Back to skill

Security audit

Fliz AI Video Generator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent Fliz video-generation integration, but users should treat submitted content and webhook examples as third-party data-sharing surfaces.

Install only if you are comfortable sending the text, URLs, and metadata you provide to Fliz for processing. Do not submit secrets, private documents, regulated data, or proprietary content unless your organization permits that sharing. If you use the webhook example, remove or lock down any history/debug endpoint before exposing it outside a local development environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and includes operational guidance for using environment variables, local scripts, file inputs, network calls, and shell commands, but it does not declare permissions or clearly scope those capabilities. This creates a transparency and governance gap: an agent or reviewer may not realize the skill can access sensitive inputs or perform outbound actions, increasing the chance of unintended data exposure or unsafe execution in permissive environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to submit arbitrary text content to the Fliz API using an API key, but it does not warn that prompts, article text, or other supplied material will be transmitted to a third-party service. This can lead users or downstream agents to exfiltrate sensitive, proprietary, or regulated data without informed consent, especially in automation contexts where content may be forwarded programmatically.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs users to send the FULL TEXT content in the `description` field to the external Fliz API, but it provides no user-facing privacy warning, consent prompt, or guidance about handling sensitive, copyrighted, or regulated data. Because the skill's purpose is content transformation and it encourages upstream content extraction, the context makes this more dangerous: users may paste documents, transcripts, or private material without realizing it will be transmitted to a third party.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The GET /webhook/fliz/history endpoint exposes recently received webhook payloads without any authentication or access control. Because webhook payloads may contain video URLs, identifiers, titles, error details, or future sensitive metadata, an unauthenticated user could enumerate operational data and potentially access information not intended for public disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.