Masonry: generate images and video with models across providers

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Masonry CLI integration for user-requested image and video generation, with expected account-token and external-service risks.

Install only if you trust Masonry and the @masonryai/cli package. Use a Masonry token scoped appropriately for this agent, avoid pasting tokens into chat when environment-variable setup is available, and do not send private prompts or reference images unless you are comfortable with Masonry processing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The authentication flow instructs the agent to handle and pass a raw token via `masonry login --token <TOKEN>` without explicitly warning that the token is sensitive or requiring care to avoid echoing, logging, or retaining it. In an agent setting, this increases the risk of credential exposure in transcripts, tool logs, shell history, or accidental responses back to the user.

VirusTotal

66/66 vendors flagged this skill as clean.
