Back to skill

Security audit

Agnes Video V2.0

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed Agnes video-generation wrapper, but it should go to Review because its connection test creates a real remote video job and its external data/download handling is under-scoped.

Install only if you are comfortable sending prompts and public image URLs to Agnes and potentially creating billable video jobs. Avoid sensitive prompts, private/internal image URLs, and secrets. Do not run the connection-test script unless you intend to create a real test video job, and choose output paths carefully because generated content is downloaded directly to the requested file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script is labeled and presented as a connection test, but it sends a real authenticated POST to the production video-creation endpoint and creates an actual generation job. This can cause unintended external side effects such as billable usage, quota consumption, and creation of remote artifacts when a user expects a harmless connectivity check.

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The comment and messaging describe the operation as a simple test, but the code performs an actual video task creation. This mismatch increases the risk of deceptive or unsafe use because operators may run it without realizing it has real cost and side effects.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes broad generic terms such as "动画", "动态", and "motion", which can cause the skill to activate for ordinary user requests that are not specifically about external video generation. In this context, unintended activation matters because the skill can send prompts and image URLs to a third-party API and initiate file downloads, increasing the chance of accidental data disclosure or unnecessary external actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill documents external API usage and local video download behavior but does not clearly warn users that their prompts and image URLs are transmitted to a third-party service and that generated files are stored locally. This creates a privacy and data-handling risk, especially if users provide sensitive images, internal URLs, or confidential creative prompts without informed consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation instructs users to send prompts and externally hosted image URLs to a third-party API, but it does not warn that this data leaves the local environment and is transmitted to an external service. This can lead to unintended disclosure of sensitive prompts, internal URLs, or private image resources, especially if users assume the skill operates locally or do not realize remote fetches are involved.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends user-supplied prompts and image URLs to a third-party API without any explicit disclosure or consent step. In a skill context, prompts and referenced images may contain sensitive internal data, so silent transmission to an external service creates a real confidentiality risk.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The script downloads remote content from a URL returned by an external service and writes it directly to a local file without validating the URL, content type, or size. This can expose users to unexpected or unsafe content and overwrite locally chosen paths with untrusted data.

External Script Fetching

High
Category
Supply Chain
Content
echo "  URL: $VIDEO_URL"
    
    if [ "$OUTPUT_FILE" != "video_output.mp4" ]; then
      curl -sf -o "$OUTPUT_FILE" "$VIDEO_URL"
      echo "  Saved to: $OUTPUT_FILE"
    fi
    exit 0
Confidence
84% confidence
Finding
curl -sf -o "$OUTPUT_FILE" "$VIDEO_URL" echo " Saved to: $OUTPUT_FILE" fi exit 0 elif [ "$STATUS" = "failed" ]; then ERROR=$(echo "$RESPONSE" | python

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.