IMDb 'Did You Know' Insights API

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow JustOneAPI IMDb lookup helper, with the main caution that its API token is sent in the URL query string.

Install only if you are comfortable with JUST_ONE_API_TOKEN being sent to JustOneAPI as a URL query parameter. Keep the token in the environment, avoid putting it in chat or logs, and rotate it if you suspect URL logs or telemetry exposed it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The API design requires the authentication token to be passed in the URL query string, which is commonly logged by browsers, proxies, web servers, analytics systems, and monitoring tools. Even over HTTPS, query parameters often persist in logs and traces, increasing the risk of credential leakage and unauthorized reuse of the token.

VirusTotal

65/65 vendors flagged this skill as clean.
