
Security audit

uni-vision-engine

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill has a coherent purpose, but it asks for broad automation over images shared in chat and, during normal use, performs privileged actions that are not disclosed to the user: it installs a package at runtime, copies chat images to disk, and submits them together with a bearer token to a local service.

Review before installing. If you do install it:
  • Use it only with images you intentionally want processed.
  • Remove the embedded session token and require your own explicit session instead.
  • Install dependencies through a normal, pinned setup step rather than at runtime.
  • Confirm how the local Jimeng service stores or forwards prompts, images, and generated video links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The script executes `npm install form-data --no-save` at runtime via `execSync`, which introduces supply-chain and arbitrary-command-execution risk into normal operation. Even though the package name is fixed, the command carries no version pin and `--no-save` records none, so whatever the registry serves at that moment is fetched and its lifecycle scripts (`preinstall`/`postinstall`) may run unreviewed. Installing code on demand also modifies the environment during use, which is unsafe for an agent skill.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The manifest advertises automatic interception of chat images in broad wording, with no clear consent, scope, or trigger boundaries. In an agent environment this can cause over-collection of user-provided images or sensitive media beyond what the user explicitly intended to submit for processing, increasing privacy and compliance risk.

Vague Triggers

Severity: High
Confidence: 95%
Finding
The agent instruction uses an ambiguous activation condition (when a user sends a character/outfit photo and "intends to animate it") and then mandates extracting the image from chat context and writing it to a local file. Ambiguous activation conditions can lead the agent to process images without explicit authorization, including personal or sensitive photos, and then forward them to another service.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill explicitly instructs the agent to extract image payloads from chat context and save them to a local temporary file, but provides no user-facing disclosure, consent flow, retention policy, or handling constraints. This is a direct privacy and data-governance issue: user images may contain biometric, personal, or otherwise sensitive content that is silently copied to disk and then transmitted to another service.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
Shelling out to npm without explicit user consent or clear disclosure is dangerous because it performs networked package management and may execute package scripts as a side effect of an ordinary video-generation action. In an agent context this behavior is unexpected and expands the script's capabilities well beyond submitting media to a local service.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
The request sends a bearer token together with the user's prompt and image data to a local API service, with no consent flow, privacy notice, or validation of where that service may forward the data. The image-interception feature makes this more sensitive: users may drop images directly into chat, and those files are then transmitted automatically.
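The two findings above on undisclosed image copying and on the credentialed upload both come down to missing preconditions on one request. The guard below is an added example, not the skill's code and not part of this audit's tooling: it assembles the upload only when the endpoint stays on loopback, a session token was supplied by the caller or environment (never an embedded default), and the user explicitly confirmed that this image may be sent. The helper names, the `JIMENG_SESSION_TOKEN` variable name, and the demo image bytes are all assumptions made for illustration; whether the local service forwards data onward cannot be checked from the client and still has to be confirmed out of band.

```javascript
// Added example (not the skill's code): a guard that assembles the upload to
// the local generation service only when the conditions this audit asks for
// hold. Helper and parameter names are hypothetical; JIMENG_SESSION_TOKEN is
// an assumed environment variable name, not one the skill is known to use.

// Hostnames that keep the request on this machine. Anything else means the
// image and the session token leave the host.
const LOOPBACK_HOSTS = new Set(['127.0.0.1', 'localhost', '[::1]']);

function prepareSubmission({ endpoint, token, imageBytes, prompt, userConsented }) {
  const reasons = [];

  let url = null;
  try {
    url = new URL(endpoint);
  } catch {
    reasons.push('endpoint is not a valid URL');
  }
  if (url && !['http:', 'https:'].includes(url.protocol)) {
    reasons.push(`unsupported scheme ${url.protocol}`);
  }
  if (url && !LOOPBACK_HOSTS.has(url.hostname)) {
    reasons.push(`endpoint host ${url.hostname} is not loopback; refusing to send image and token off-host`);
  }

  // No embedded fallback: the session must come from the user or environment.
  if (typeof token !== 'string' || token.trim() === '') {
    reasons.push('no session token supplied; an embedded default is not used');
  }

  // Images reach this point only after the user picked them for processing.
  if (userConsented !== true) {
    reasons.push('user has not explicitly confirmed that this image may be uploaded');
  }
  // Buffer is a Uint8Array subclass, so Node buffers pass this check too.
  if (!(imageBytes instanceof Uint8Array) || imageBytes.length === 0) {
    reasons.push('no image bytes provided');
  }

  if (reasons.length > 0) {
    return { ok: false, reasons };
  }
  // The plan records the image size only; the bytes become the multipart
  // body when the request is actually sent.
  return {
    ok: true,
    request: {
      method: 'POST',
      url: url.href,
      headers: { Authorization: `Bearer ${token}` },
      body: { prompt, imageLength: imageBytes.length },
    },
  };
}

// Reads the session from the environment (assumed variable name) so the
// script itself never carries a credential.
function sessionTokenFromEnv(env = process.env) {
  return env.JIMENG_SESSION_TOKEN || '';
}

// Constructed demo input: a three-byte stand-in for a JPEG header, not a real image.
const demoImage = new Uint8Array([0xff, 0xd8, 0xff]);
console.log(prepareSubmission({
  endpoint: 'http://127.0.0.1:8080/generate',
  token: sessionTokenFromEnv(),
  imageBytes: demoImage,
  prompt: 'animate this character',
  userConsented: true,
}));
```

Run without `JIMENG_SESSION_TOKEN` set, the demo call returns `ok: false` with a single reason about the missing session, which is the fail-closed behaviour the audit recommends in place of an embedded token.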

VirusTotal

63/63 vendors rated this skill clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Severity: Critical
Location: scripts/generate.js:9
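The static-analysis hit above and the first finding (runtime `npm install` via `execSync`) are both line-level patterns that a small scanner can surface before a skill is installed. The scanner below is an added example, not SkillSpector's detector and not the skill's code: it reports exec-family calls only when `child_process` is actually imported (so `regex.exec(` is not a hit), escalates when the executed command is a package-manager install, and separately flags a `Bearer` credential embedded in a string literal. The regexes, the finding codes other than `suspicious.dangerous_exec`, and the sample script are all constructed here; the sample is not the skill's `scripts/generate.js`, and the scanner does not follow calls split across lines.

```javascript
// Added example (not SkillSpector's or the skill's code): a line-oriented
// heuristic scanner for the patterns flagged on this page. Regexes, codes
// (other than suspicious.dangerous_exec) and the sample script are constructed.

// Import of child_process in CommonJS or ESM form, with or without the node: prefix.
const CHILD_PROCESS_IMPORT =
  /require\(\s*['"](?:node:)?child_process['"]\s*\)|from\s+['"](?:node:)?child_process['"]/;

// exec-family call, either qualified as child_process.X( or bare X( that is not
// a member access on something else (so regex.exec( is not matched).
const EXEC_CALL =
  /(?:\bchild_process\.|(?<![\w$.]))(execSync|execFileSync|spawnSync|exec|execFile|spawn)\s*\(/;

// Package-manager install invoked on the same line as the exec call.
const PKG_MANAGER = /\b(?:npm|npx|pnpm|yarn|pip3?|gem|cargo)\s+(?:install|add|i)\b/;

// A quoted literal that already carries the Bearer scheme: a credential baked
// into the source rather than supplied by the user or the environment.
const EMBEDDED_BEARER = /['"`]Bearer\s+[A-Za-z0-9._\-]{8,}['"`]/;

function scanSource(source) {
  const lines = source.split('\n');
  const findings = [];

  // Pass 1: is child_process imported anywhere? Without it, bare exec( or
  // spawn( are most likely unrelated functions and are not reported.
  const usesChildProcess = lines.some((l) => CHILD_PROCESS_IMPORT.test(l));

  // Pass 2: per-line findings with 1-based line numbers, in the code /
  // severity / location shape used on this page.
  lines.forEach((text, i) => {
    const line = i + 1;
    if (usesChildProcess && EXEC_CALL.test(text)) {
      findings.push({ code: 'suspicious.dangerous_exec', severity: 'critical', line,
        detail: 'Shell command execution detected (child_process)' });
      if (PKG_MANAGER.test(text)) {
        findings.push({ code: 'suspicious.runtime_install', severity: 'high', line,
          detail: 'Package manager invoked at runtime; lifecycle scripts may run' });
      }
    }
    if (EMBEDDED_BEARER.test(text)) {
      findings.push({ code: 'suspicious.embedded_credential', severity: 'high', line,
        detail: 'Bearer token embedded in source' });
    }
  });
  return findings;
}

// Renders findings as "SEVERITY code at file:line - detail" lines.
function formatFindings(findings, file) {
  return findings.map(
    (f) => `${f.severity.toUpperCase()} ${f.code} at ${file}:${f.line} - ${f.detail}`,
  );
}

// Constructed sample script exhibiting the flagged patterns; it is not the
// skill's scripts/generate.js.
const SAMPLE_SCRIPT = [
  "const fs = require('fs');",
  "const path = require('path');",
  "const { execSync } = require('child_process');",
  "",
  "const API = 'http://127.0.0.1:8080/generate';",
  "const AUTH = 'Bearer sk-example-embedded-token-0000';",
  "",
  "execSync('npm install form-data --no-save', { stdio: 'inherit' });",
  "const FormData = require('form-data');",
  "",
  "const re = /x/; re.exec('x'); // unrelated exec, must not be flagged",
].join('\n');

console.log(formatFindings(scanSource(SAMPLE_SCRIPT), 'sample.js').join('\n'));
```

On the constructed sample the scanner reports the embedded credential on line 6 and both the dangerous exec and the runtime install on line 8, while the `re.exec('x')` on line 11 stays quiet because it is a member call, not a `child_process` call.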