media-info

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent, user-directed MediaInfo installer and media metadata helper, with a real but disclosed supply-chain caution around building downloaded source code.

Install only if you are comfortable running a shell script that downloads and builds MediaInfo from mediaarea.net. Keep it non-root as documented, avoid overriding MEDIAINFO_URL unless you fully trust the replacement source, and prefer verifying the upstream archive when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill documentation directs users to run shell scripts that install and test MediaInfo, but the skill declares no permissions despite requiring shell execution, environment access, and filesystem writes. This is dangerous because it hides the true execution capabilities from reviewers and policy systems, reducing transparency and making it easier for risky install-time behavior to bypass scrutiny.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding
The stated purpose is media metadata inspection, but the described behavior extends to downloading external source code, compiling it locally, writing into project directories, and generating test files. That mismatch is dangerous because users may invoke the skill expecting passive analysis, while it actually performs supply-chain-sensitive and state-changing operations that increase the attack surface and could introduce malicious code or unintended modifications.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script downloads a source tarball from a remotely configurable URL and then executes a build script contained inside that archive. This creates a software supply-chain risk and arbitrary code execution path during installation, especially because neither the archive nor its contents are verified with a checksum, signature, or pinned trusted source.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script directly runs ./CLI_Compile.sh from the extracted archive, so anyone who can influence the downloaded tarball or MEDIAINFO_URL can execute arbitrary shell commands on the host. In the skill context, an installer for media inspection tools does not inherently need to run unverified remote code, making this more dangerous than the stated purpose suggests.

VirusTotal

64/64 vendors flagged this skill as clean.
