Security audit

SVG Animator

Security checks across malware telemetry and agentic risk

Overview

This animation skill does what it claims at a high level, but its helper script runs local shell commands with an unvalidated output path.

Install only if you are comfortable with a skill that runs local media-conversion commands and writes files on your machine. Use trusted ffmpeg and rsvg-convert binaries, run without elevated privileges, keep output paths simple and trusted, avoid very large frame counts, and do not publish generated files through nginx unless you intend them to be reachable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The skill materially overstates its capabilities and omits key operational constraints, including its dependence on local binaries and the lack of real, text-LLM-driven support for arbitrary subjects. This is dangerous because downstream agents or users may trust unsupported features, invoke unavailable tools, or make incorrect assumptions about what code will run, leading to unsafe execution paths, broken automation, or exposure of local infrastructure assumptions.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The skill description does not define clear activation boundaries or trigger conditions, so an agent may invoke it too broadly based on vague animation-related requests. Overbroad activation increases the chance of unintended tool use, unnecessary local command execution, and user confusion about when external binaries or file generation will occur.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Severity: Critical
Code: suspicious.dangerous_exec
Location: scripts/animate.js:254