Muse Video Creation skill (缪斯视频创作skill)

Security checks across malware telemetry and agentic risk

Overview

This video-planning skill is mostly creative tooling, but despite describing itself as planning-only, non-generation tooling, it also tells agents to call image-generation tools, to prepare execution-ready generator configs, and to update and push repository content.

Install only if you are comfortable with a planning skill that may steer your agent toward image-generation tools and downstream production configs. Keep generation tools disabled unless explicitly needed, review any generated ComfyUI/HyperFrames/Kling/Runway payloads before use, and do not allow repository writes or git push from this skill without a separate explicit approval step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (36)

Description-Behavior Mismatch

Severity: Medium | Confidence: 92%
Finding:
The README explicitly instructs users to connect the output to ComfyUI, HyperFrames, Kling, and Runway for image/video generation and compositing, which exceeds the declared planning-only scope of the skill. This creates a scope-bypass risk: an agent or user may reasonably treat the skill as authorized to facilitate downstream generation workflows that the manifest says are out of bounds.

Description-Behavior Mismatch

Severity: Medium | Confidence: 89%
Finding:
The artifact list includes creative-pack files with ComfyUI/HyperFrames/Kling/Runway downstream configuration and VFX-related outputs, signaling that the skill produces deliverables intended for rendering/generation pipelines. That conflicts with the stated non-rendering, non-generation purpose and can mislead downstream automation into performing actions beyond the approved capability boundary.

Description-Behavior Mismatch

Severity: Medium | Confidence: 94%
Finding:
The file embeds concrete generator-ready artifacts such as ComfyUI workflows, Kling prompts, and Runway prompts even though the skill metadata says it is not for AI image/video generation. This creates a capability mismatch that can cause downstream agents or users to invoke external generation systems the skill was supposed to avoid, weakening product safety boundaries and policy enforcement.

Context-Inappropriate Capability

Severity: Medium | Confidence: 92%
Finding:
A planning-only ideation skill should not ship with direct exports tailored for specific generation engines because those artifacts are operationally actionable rather than merely descriptive. In agentic environments, this can enable prompt laundering or unauthorized handoff from ideation into automated media generation, bypassing intended product segmentation and review controls.

Description-Behavior Mismatch

Severity: Medium | Confidence: 95%
Finding:
The file explicitly states it can be imported into ComfyUI, HyperFrames, Kling, and Runway for execution, which exceeds the skill's declared scope of planning/storyboarding and turns the asset into an operational handoff for external generation systems. This broadens capability and can enable policy bypass or unintended downstream content generation through tools the host may not govern.

Context-Inappropriate Capability

Severity: Medium | Confidence: 97%
Finding:
The dedicated 'downstream tool integration' section packages concrete prompts and configuration stubs for multiple external generation platforms, giving the skill an unjustified bridge from ideation into production execution. In context, this is more dangerous because the skill metadata explicitly says it is not for actual rendering/compositing or AI image/video generation, so the file embeds a capability that contradicts the intended trust boundary.

Context-Inappropriate Capability

Severity: Low | Confidence: 93%
Finding:
The HTML imports Google Fonts from an external domain, which causes network access whenever the file is opened and leaks metadata such as IP address, user agent, and access timing to a third party. In a storyboard/planning skill, this dependency is unnecessary for core functionality and slightly expands the privacy and supply-chain attack surface.

Description-Behavior Mismatch

Severity: Medium | Confidence: 94%
Finding:
The skill metadata explicitly says it is not for actual AI image/video generation, yet this file embeds concrete generation workflows, prompts, and tool-ready configuration for ComfyUI, Kling, Runway, and HyperFrames. That scope mismatch can cause downstream agents to invoke external generators or produce media-generation outputs the skill was not supposed to enable, weakening policy boundaries and increasing the chance of unintended tool use.

Context-Inappropriate Capability

Severity: Medium | Confidence: 95%
Finding:
The file prepares provider-specific generation payloads for external media tools even though the skill is scoped to ideation and planning. In an agentic environment, structured tool-specific configs are more dangerous than plain creative notes because they are immediately reusable by automation, making accidental or unauthorized external generation more likely.

Description-Behavior Mismatch

Severity: Medium | Confidence: 96%
Finding:
The skill description explicitly says it is not for actual rendering/compositing or AI image/video generation, yet this file advertises that the output can be imported into ComfyUI, HyperFrames, Kling, and Runway for execution. That mismatch can cause capability-boundary violations: downstream agents or users may treat this skill as approved to drive generation workflows it was not supposed to control.

Context-Inappropriate Capability

Severity: Medium | Confidence: 95%
Finding:
The file provides concrete prompts and workflow placeholders for external generation tools, which turns a planning artifact into an execution handoff for third-party AI systems. In a skill whose declared scope excludes rendering/generation, this broadens operational reach and may enable policy bypass, unreviewed content generation, or unsafe chaining into external tools.

Description-Behavior Mismatch

Severity: Medium | Confidence: 92%
Finding:
The schema explicitly includes downstream generation and compositing outputs such as ComfyUI, HyperFrames, Kling, and Runway artifacts, which exceeds the skill's declared planning-only scope. This creates a scope-expansion risk: other agents or orchestrators may treat the skill as authorized to produce or pass through executable generation/rendering instructions, increasing the chance of unintended tool invocation or policy bypass.

Description-Behavior Mismatch

Severity: Medium | Confidence: 89%
Finding:
The schema stores image-generation prompts and generated media references in visual development, which goes beyond ideation and storyboarding into generative asset production. In an agent pipeline, prompt-bearing fields can be consumed by downstream systems as actionable instructions, causing the skill to functionally participate in media generation despite its stated exclusion.

Description-Behavior Mismatch

Severity: Medium | Confidence: 90%
Finding:
Storyboard entries contain AI image prompts and generated asset URLs, directly contradicting the manifest's statement that the skill is not for AI image/video generation. This mismatch is dangerous because schema consumers typically trust structured fields more than prose descriptions, so the presence of prompt/output slots can silently enable out-of-scope generation workflows.

Context-Inappropriate Capability

Severity: Medium | Confidence: 93%
Finding:
Direct support for external generative-video and compositing ecosystems introduces an integration path that is not justified by the stated creative-planning purpose. Even without embedded code execution, these structured configs can act as high-trust control inputs for powerful external tools, enabling capability creep and making misuse easier in multi-agent environments.

Description-Behavior Mismatch

Severity: Medium | Confidence: 87%
Finding:
The template explicitly states that its output can be imported into downstream generation/rendering tools, which expands the skill from pre-production planning into operational handoff for AI creation. That conflicts with the declared scope and can enable policy or capability bypass by packaging executable prompts/workflows inside an ostensibly planning-only skill.

Context-Inappropriate Capability

Severity: Medium | Confidence: 90%
Finding:
These sections provide concrete ComfyUI/HyperFrames configs and Kling/Runway prompts, which are actionable generation handoff artifacts rather than merely creative planning notes. In context, this makes the skill capable of facilitating AI image/video generation despite its stated description excluding rendering or generation, increasing the risk of hidden scope expansion and downstream misuse.

Description-Behavior Mismatch

Severity: Medium | Confidence: 97%
Finding:
The SOP explicitly instructs the agent to create files, modify repository content, and perform git commit/push operations. That exceeds the declared skill purpose of creative planning and can induce unauthorized state-changing actions if the agent is given repository or shell access, creating supply-chain and integrity risk.

Context-Inappropriate Capability

Severity: Medium | Confidence: 95%
Finding:
The documentation grants the agent ongoing content-maintenance authority, including checking for existing entries and updating multiple cross-index tables. For a video ideation skill, these operational permissions are unnecessary and could be misused to alter repository content or persist unreviewed changes beyond a single user request.

Description-Behavior Mismatch

Severity: High | Confidence: 98%
Finding:
The guide explicitly instructs the agent to generate AI images and call an image_gen tool, which conflicts with the skill metadata stating it is not for AI image/video generation. This creates a scope-expansion path where the agent may perform unauthorized tool use beyond its declared purpose, increasing the risk of policy bypass and unintended capability execution.

Context-Inappropriate Capability

Severity: Medium | Confidence: 90%
Finding:
The file operationalizes use of external image-generation systems and parameters even though the skill is described as helping plan and script video projects rather than render or generate media. In context, this can steer the agent toward unsupported external actions and blur the trust boundary between ideation assistance and content generation.

Description-Behavior Mismatch

Severity: Medium | Confidence: 95%
Finding:
The pipeline explicitly permits calling `image_gen` to generate moodboard reference images, which conflicts with the skill's declared scope excluding AI image/video generation. This can cause the agent to exceed its allowed capability boundary, surprise users, and invoke external generation tools when the skill is supposed to remain in planning-only mode.

Description-Behavior Mismatch

Severity: High | Confidence: 98%
Finding:
The storyboard phase instructs the system to generate `image_prompt` values and optionally call `image_gen` for panel reference images, directly contradicting the manifest's non-generation scope. Because this occurs late in the pipeline after substantial context assembly, it creates a strong path for unauthorized tool use and accidental escalation from planning into content generation.

Description-Behavior Mismatch

Severity: Medium | Confidence: 95%
Finding:
The pipeline explicitly permits an `image_gen` call for moodboard creation, which conflicts with the skill's declared scope of not performing AI image/video generation. This creates a scope-boundary violation: a downstream agent or orchestrator may invoke generation tools the user and platform policy do not expect, causing unauthorized capability expansion.

Description-Behavior Mismatch

Severity: Medium | Confidence: 95%
Finding:
The comparison table normalizes image generation as an allowed pipeline capability, reinforcing behavior that exceeds the published non-generation scope. Even though this is documentation, agent systems often treat reference docs as operational instructions, so the mismatch can lead to unintended tool use and policy bypass through configuration drift.

VirusTotal

VirusTotal findings are pending for this skill version.