Back to skill

Security audit

AI Video Generation - 视频创作 - 聚合数据

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Juhe video-generation helper, but users should understand that prompts and any supplied media inputs go to Juhe and may consume API quota.

Install only if you trust Juhe for this workflow. Do not provide private photos, internal links, signed URLs, confidential prompts, or sensitive audio unless you are comfortable sending them to Juhe. Keep JUHE_VIDEO_KEY private, prefer an environment variable over command-line keys, and confirm resolution, duration, quota cost, and output directory before running generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The AI usage guidance says the skill should act whenever a user asks to create/generate/make a video, which is broad enough to overlap with ordinary conversation. Overbroad triggering can cause unintended invocation, unexpected third-party requests, and accidental transmission of user prompts or media to the external service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation encourages supplying image and audio URLs but does not clearly warn that these resources will be sent to a third-party provider for processing. If users provide personal photos, private media links, or signed URLs, this can expose sensitive data or internal resource locations to an external service.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.