
Security audit

Bole Story Creation System: enter a prompt to create a video story

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do its stated Bole story/video generation job, but it exposes a live bearer token in logs and under-discloses some external data handling.

Review before installing. Use only a revocable, least-privilege Bole access key, avoid confidential or regulated prompts, and prefer a patched version that removes token logging, adds bounded timeouts, clearly documents Bole data transmission, and aligns the packaged metadata with the visible skill identity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The code prints the bearer access token and other internal identifiers to stderr. Logs are often collected centrally, visible to operators, or exposed in debugging pipelines, so this can leak live credentials and resource IDs beyond the intended trust boundary.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation says the skill generates stories through the Bole AI platform, but it does not clearly warn that user-provided story text will be transmitted to a third-party service for processing. Users may unknowingly submit sensitive, proprietary, or personal content, creating privacy, confidentiality, and compliance risks.

Missing User Warnings

High
Confidence
99% confidence
Finding
Printing an access token derived from the environment to stderr directly exposes credential material to logs and output channels. Anyone with access to execution logs may be able to reuse the token to access or manipulate the associated Bole account resources.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends user-provided story text to a third-party API, but there is no visible notice, consent flow, or data-handling disclosure in the code path. If users enter confidential or proprietary content, that data is transmitted off-platform without transparent warning, creating privacy and compliance risk.

Ssd 3

High
Confidence
99% confidence
Finding
The access token is emitted verbatim to stderr, which is a classic secret-disclosure issue. Because this token is then used to perform authenticated operations against the external service, log exposure can enable account misuse, project manipulation, or data access until the token expires or is revoked.

VirusTotal

66/66 vendors flagged this skill as clean.
