Back to skill

Security audit

Video Publish All

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only guide for publishing videos to Chinese social platforms, with expected public-posting risk but no hidden code, credential handling, or deceptive behavior.

Install only if you want an agent to help prepare or publish videos to these external platforms. Before anything is posted, confirm the exact accounts, platforms, video file, title, description, tags, and whether the local published.json path is correct.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill exposes a broad natural-language trigger for publishing to all platforms without any explicit confirmation, scoping, or safety gate. Because publishing creates external, persistent actions, an ordinary user request could unintentionally activate mass posting behavior and cause accidental dissemination across multiple public accounts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises one-click publication to several external platforms but does not warn that this creates persistent public content, may affect reputation, and may be difficult to undo consistently across services. In an agent setting, omission of such warnings increases the chance of users triggering real-world external actions without understanding the consequences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.