Back to skill

Security audit

Pub Vidframes

Security checks across malware telemetry and agentic risk

Overview

This package is framed as a video-frame skill but actually documents a broad external API gateway with email, SMS, search, scraping, and document-processing capabilities that deserve review before install.

Install only if you want a broad SkillBoss API gateway, not just video-frame extraction. Use a restricted API key if available, avoid sending sensitive documents, prompts, media, contact details, or OTP data unless you trust the provider, and require manual approval before any email, SMS, batch messaging, scraping, or paid model action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest and skill name describe a narrowly scoped video-frame extractor, but the body documents a broad third-party multi-purpose API with capabilities far beyond that scope, including chat, search, email, SMS, document parsing, and media generation. This scope mismatch is dangerous because it can mislead users and reviewers about the actual authority and data flows of the skill, increasing the chance that sensitive data is sent to external services or that the skill is used for unintended outbound actions.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Email-sending capability is unrelated to the advertised video frame extraction purpose and enables direct outbound communication to arbitrary recipients through an external service. In a deceptively scoped skill, this creates a meaningful risk of abuse for spam, data exfiltration, or unauthorized notifications without users realizing the skill can transmit contact data and message contents externally.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
SMS/OTP functionality is unrelated to the stated video-processing purpose and permits transmission of phone numbers and verification codes to an external provider. That combination can enable privacy violations, social engineering support, or misuse of OTP workflows if invoked in a broader agent context without tight authorization and user awareness.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Web search and scraping capabilities materially expand the skill's reach beyond video frame extraction by allowing retrieval of external content and possible transmission of user queries to third-party services. In context, this broadens the attack surface and creates unexpected privacy and behavior risks because the skill's true capabilities are much wider than advertised.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Document processing is not justified by the declared video extraction purpose and can result in sensitive files or document URLs being sent to an external parsing service. This is risky because users may not expect a video tool to process documents at all, much less transmit them to a third party for parsing or extraction.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
This file documents broad web search, web scraping, and CEO interview retrieval capabilities that are materially unrelated to the declared purpose of a video frame extraction skill. Such scope mismatch is dangerous because it can hide unexpected data-access and collection features, expand the attack surface, and enable operators or downstream agents to invoke networked reconnaissance or scraping under misleading packaging.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Web search and scraping are unjustified in the context of a video frame extraction skill and indicate unnecessary privileged functionality. If exposed through an apparently harmless media-processing skill, these capabilities could be abused for covert data gathering, policy evasion, or collection of third-party content and personal information without users expecting such behavior.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The documented capabilities substantially exceed the skill's stated purpose of video frame and clip extraction, introducing hidden or unexpected functionality such as email, SMS, document parsing, embeddings, and presentation generation. This scope mismatch is dangerous because it can enable data exfiltration, unauthorized communications, or expanded abuse paths that users and reviewers would not reasonably expect from a video-processing skill.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Email and SMS sending are especially sensitive capabilities because they allow external communications, mass messaging, and potential transmission of user data or generated content outside the system boundary. In a skill presented as video extraction, these tools are context-inappropriate and more dangerous because they create an unexpected channel for spam, phishing, OTP abuse, or covert exfiltration.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Document parsing, embeddings, and presentation generation are unrelated to the advertised video-extraction purpose and expand the skill's access to additional data types and processing workflows. While less immediately dangerous than messaging tools, this hidden breadth increases the attack surface and can facilitate unauthorized document ingestion, semantic processing, or misuse of supplied content beyond user expectations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The markdown provides email and SMS examples but does not warn that recipient email addresses, phone numbers, message contents, and verification codes are sent to an external service. This omission undermines informed consent and increases privacy and compliance risk, especially because these messaging actions are outside the skill's stated purpose.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.