Security audit

Hilight Video Generate

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent video-generation helper, but users should understand it uses an API key, a local MCP gateway, and shell-based video downloads.

Install only if you trust the video-generation provider and the local mcporter service on localhost:10620. Use a scoped API key if available, keep the .env file private, and only download videos for task IDs you recognize.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability (Medium, 94% confidence)

Finding: The skill instructs the agent to execute local shell commands (`curl` and `ls`) to download a remote file onto the user's machine, which expands the skill from MCP-mediated API usage into direct local system modification. This is dangerous because a remotely supplied download URL can point to untrusted content, and the shell-based action bypasses tighter MCP controls, increasing the risk of unsafe file writes, SSRF-style retrieval of attacker-chosen resources, or abuse of local execution capabilities.

Intent-Code Divergence (Medium, 88% confidence)

Finding: The skill metadata claims video download is supported via MCP, but the documented workflow later performs download through local shell commands instead. This mismatch is security-relevant because it can mislead reviewers and users about the skill's real privilege boundary, hiding that it writes files locally and invokes shell operations outside the stated MCP-only model.

Vague Triggers (Medium, 78% confidence)

Finding: The trigger phrases are broad enough to activate on ordinary conversation about creating or discussing videos, not just explicit requests to use this skill. In context, that matters because this skill can submit remote generation jobs and later download files locally, so over-triggering could cause unintended external actions or side effects from casual user language.

Missing User Warnings (Medium, 95% confidence)

Finding: The skill directs the agent to download a remote file into `~/Downloads` using shell commands, but it does not provide an explicit warning or confirmation step for local filesystem modification. This is risky because it normalizes writing externally sourced content to disk without informed consent, and in this skill's context the file URL originates from a remote service that may be compromised or manipulated.

Vague Triggers (Medium, 93% confidence)

Finding: The skill description is broad and does not define when the agent should invoke the video-generation capability, which can cause overbroad or unintended activation. In an agent environment that can call remote MCP services and consume stored API credentials, vague triggering increases the risk of unnecessary external requests, unintended data disclosure, and misuse of paid third-party operations.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.