IMDb Top Cast and Crew API

Security checks across malware telemetry and agentic risk

Overview

This is a narrow JustOneAPI IMDb lookup skill, with the main caveat that its API token is sent as a URL query parameter.

Install only if you trust JustOneAPI and are comfortable with your token being sent to api.justoneapi.com in the request URL. Use a restricted or revocable token, avoid sharing logs or error reports that include full request URLs, and rotate the token if it may have been exposed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: Passing an authentication token in the query string is risky because query parameters are commonly logged by clients, proxies, gateways, browser history, and observability systems. Even over HTTPS, this increases the chance of credential exposure through logs or downstream tooling, which could enable unauthorized API access if the token is reused or long-lived.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal