Security audit

IMDb Plot Summary API

Security checks across malware telemetry and agentic risk

Overview

This is a narrow JustOneAPI wrapper for fetching IMDb plot summaries, with no evidence of hidden execution or unrelated data access.

Before installing, confirm you are comfortable sending your JustOneAPI token in request URLs for this provider. Avoid sharing full request URLs, logs, traces, screenshots, or error reports from runs of this skill, because they may include the token.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: Passing an authentication token in the query string is dangerous because query parameters are commonly logged by servers, proxies, browser history, analytics systems, and monitoring tools. This increases the likelihood of credential leakage and token reuse, especially since the manifest does not clearly warn users that their secret is being sent in a less-safe location.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.