IMDb Critics Review Summary API

Security checks across malware telemetry and agentic risk

Overview

This is a narrow IMDb review-summary API helper, but its JustOneAPI token is placed in the request URL, so users should handle logs and traces carefully.

Install only if you trust JustOneAPI with your API token and the IMDb ids you query. Avoid sharing command output, logs, traces, or error reports from runs of this skill, and rotate the token if you think a request URL may have been exposed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The API token is explicitly modeled as a query parameter and then added to the URL, which causes the credential to appear in request URLs. Query-string secrets are commonly exposed via logs, browser/history tooling, reverse proxies, analytics, error reporting, and upstream infrastructure, increasing the chance of credential leakage even when HTTPS is used.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal