Security audit

Ai Video Gen 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill performs the AI video-generation work it advertises, with ordinary external-provider, API-key, dependency, and media-processing risks but no evidence of hidden or malicious behavior.

Install it in a virtual environment, pin dependency versions or commit a lock file, keep API keys in a private .env file that is not checked into version control, and use project-scoped keys with spending limits. Do not submit confidential prompts, narration, or proprietary media unless you are comfortable sending that data to the configured AI providers. Review output paths before running, because the skill's FFmpeg commands can overwrite existing files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (16)

Tainted flow: 'video_url' from requests.get (line 125, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
# Download video
video_path = self.output_dir / f"video_{int(time.time())}.mp4"
video_data = requests.get(video_url).content
with open(video_path, 'wb') as f:
    f.write(video_data)
Confidence
83%
Finding
video_data = requests.get(video_url).content
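The flagged line trusts whatever URL the provider (or a prompt-injected response) hands back, fetches it with no timeout or size limit, and writes it into the output directory with 'wb', which silently overwrites an existing file. The following is an added example of a hardened form of that path; it is not the skill's own code. The allowlist in ALLOWED_HOSTS, the size cap, and the function names are placeholders and assumptions for illustration; replace the allowlist with the hosts your configured providers actually serve media from.

```python
"""Hardened replacement for `requests.get(video_url).content` followed by an
unconditional write into the output directory.

Added example, not code from the audited skill. ALLOWED_HOSTS is a
placeholder allowlist and MAX_BYTES an assumed cap; adjust both for the
providers you actually configure.
"""
import os
import time
from pathlib import Path
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"storage.example-provider.invalid"}   # placeholder allowlist
MAX_BYTES = 500 * 1024 * 1024                           # assumed 500 MiB cap
TIMEOUT = (10, 60)                                      # connect, read seconds


def validate_video_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Accept only https URLs whose host is on the allowlist. Returns the
    URL unchanged or raises ValueError. This stops a provider response (or a
    prompt-injected one) from pointing the downloader at an internal service,
    a file:// path, or an attacker-controlled host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-https scheme: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("refusing URL with embedded credentials")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError(f"host not allowlisted: {host!r}")
    return parts.geturl()


def fresh_output_path(output_dir, suffix=".mp4"):
    """A path inside output_dir that does not exist yet. The caller opens it
    with mode 'xb' so an existing file is never silently overwritten."""
    output_dir = Path(output_dir).resolve()
    path = output_dir / f"video_{int(time.time())}{suffix}"
    if path.exists():
        raise FileExistsError(path)
    return path


def save_stream(chunks, path, max_bytes=MAX_BYTES):
    """Write an iterable of byte chunks to `path`, refusing to overwrite and
    aborting (and removing the partial file) once max_bytes is exceeded.
    Returns the number of bytes written."""
    written = 0
    with open(path, "xb") as f:          # 'x' = create, fail if it exists
        for chunk in chunks:
            written += len(chunk)
            if written > max_bytes:
                f.close()
                os.unlink(path)
                raise ValueError(f"download exceeded {max_bytes} bytes")
            f.write(chunk)
    return written


def download_video(video_url, output_dir):
    """Fetch a provider-returned video URL with validation, timeouts, no
    redirect following, a content-type check and a size cap. Returns the
    path written."""
    import requests  # imported here so the helpers above stay stdlib-only

    url = validate_video_url(video_url)
    path = fresh_output_path(output_dir)
    with requests.get(url, stream=True, timeout=TIMEOUT,
                      allow_redirects=False) as resp:
        resp.raise_for_status()
        ctype = resp.headers.get("Content-Type", "")
        if not ctype.startswith("video/"):
            raise ValueError(f"unexpected content type: {ctype!r}")
        declared = resp.headers.get("Content-Length")
        if declared and int(declared) > MAX_BYTES:
            raise ValueError("declared size exceeds cap")
        save_stream(resp.iter_content(chunk_size=1 << 16), path)
    return path
```

The same fresh_output_path check belongs in front of any FFmpeg invocation the skill builds from user-supplied names; passing ffmpeg the `-n` flag makes it refuse to overwrite an existing output file instead of clobbering it, and the command should be passed to subprocess as an argument list rather than a shell string.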

Lp3

Medium
Category
MCP Least Privilege
Confidence
87%
Finding
The skill documentation advertises capabilities that inherently require network access, shelling out to FFmpeg, reading environment variables for API keys, and writing output files, yet it declares no permissions. This creates a transparency and policy-enforcement gap: users or platforms cannot accurately assess or constrain what the skill will do before execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83%
Finding
The documented behavior does not cleanly match the actual capability surface: it includes standalone media-manipulation utilities beyond the headline description and claims Runway support that is apparently not implemented. This mismatch is dangerous because users may grant trust or provide sensitive media under incorrect assumptions about what the skill does, and unimplemented/incorrectly documented integrations often lead to unsafe fallbacks or ad hoc code paths.

Missing User Warnings

Medium
Confidence
93%
Finding
The quick start directs users to submit prompts and optional voiceover text to OpenAI and LumaAI, but it does not warn that this content is transmitted to third-party AI services. Users may reasonably paste sensitive, proprietary, or personal data into prompts or narration fields without realizing it leaves the local environment, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
91%
Finding
The README instructs users to configure API keys and use multiple external AI providers, but it does not clearly warn that prompts, images, audio, and possibly generated video content may be transmitted to third-party services. This creates a privacy and data-governance risk because users may unknowingly submit sensitive or proprietary content to external vendors with different retention, training, and logging practices.

Missing User Warnings

Medium
Confidence
95%
Finding
The skill instructs users to supply third-party API keys and use external AI/video/voice services, but it does not disclose that prompts, narration text, images, and possibly video content may be transmitted off-host to those providers. In a media-generation context this is significant because uploaded content can contain sensitive personal, proprietary, or copyrighted material, and users are not warned about the privacy and compliance implications.

Missing User Warnings

Medium
Confidence
89%
Finding
User prompt data and an image reference are transmitted to an external AI service without an explicit privacy notice or consent checkpoint. In an agent skill context, prompts may contain sensitive business or personal data, making silent third-party transmission more dangerous than in a clearly interactive consumer app.

Missing User Warnings

Medium
Confidence
90%
Finding
Voiceover text is sent to OpenAI TTS without clearly informing the user that potentially sensitive narration content leaves the local environment. In automation or agent settings, this can cause inadvertent disclosure of confidential text to an external service.

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
Confidence
95%
Finding
openai>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
95%
Finding
replicate>=0.20.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
98%
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
99%
Finding
pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
93%
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90%
Finding
requests

The advisory list is matched on the package name, not on the declared version floor. CVE-2014-1830 was fixed in requests 2.3.0 and cannot be installed under the `>=2.31.0` specifier, but CVE-2024-35195 (fixed in 2.32.0) and CVE-2024-47081 (fixed in 2.32.4) can, because the floor still permits 2.31.x. Pin to a release at or above the fix version and re-run the audit.

Known Vulnerable Dependency: pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
97%
Finding
pillow

As with requests, the advisory list is name-matched. CVE-2016-2533 (fixed in 3.1.1) and CVE-2021-27922 (fixed in 8.1.1) are already ruled out by the `>=10.0.0` floor, but CVE-2023-50447 (fixed in 10.2.0) is not, since 10.0.x and 10.1.x satisfy it. Pillow decodes the reference images this skill accepts, so an unpinned floor here exposes the image-parsing path to attacker-supplied input; pin at or above the fix version.

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
75%
Finding
python-dotenv
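The five Unpinned Dependencies findings and the three Known Vulnerable Dependency findings above are two views of one problem: a `>=` floor lets the resolver install any later release, and a name-matched advisory list says nothing about whether the floor already rules an advisory out. The following added example (not part of the skill or of SkillSpector) parses the requirement lines quoted in the findings, flags every specifier that is not an exact `==` pin, and checks each floor against the first fixed release of the advisories named above. The fix versions are the upstream fixed-in releases for those CVEs; CVE-2026-28684 is left out because the page shows no fix version for it, and all values should be confirmed against your own advisory feed before you rely on them.

```python
"""Check a requirements file for unpinned specifiers and work out which of
the named advisories a version floor does or does not rule out.

Added example, not part of the audited skill or the scanner. REQUIREMENTS
is copied from the findings; ADVISORIES holds the upstream fixed-in
versions for the CVEs the findings name and should be verified against
your own advisory feed.
"""
import re

# Requirement lines as shown in the Unpinned Dependencies findings.
REQUIREMENTS = """\
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
"""

# Subset of the advisories named in the Known Vulnerable Dependency
# findings, mapped to the first release that fixed each one.
# python-dotenv is omitted: no fix version is shown for its advisory.
ADVISORIES = {
    "requests": {
        "CVE-2014-1830": "2.3.0",
        "CVE-2024-35195": "2.32.0",
        "CVE-2024-47081": "2.32.4",
    },
    "pillow": {
        "CVE-2016-2533": "3.1.1",
        "CVE-2021-27922": "8.1.1",
        "CVE-2023-50447": "10.2.0",
    },
}

_REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"   # distribution name
    r"(?:\[[^\]]*\])?\s*"                          # optional extras
    r"(?:(?P<op>===|==|~=|>=|<=|!=|>|<)\s*(?P<ver>[0-9][0-9A-Za-z.*+!-]*))?"
)


def parse_requirement(line):
    """Return (name, operator, version) for one requirement line; operator
    and version are None when the line carries no specifier at all."""
    m = _REQ_RE.match(line.split("#", 1)[0])
    if not m or not m.group("name"):
        return None
    return (m.group("name").lower(), m.group("op"), m.group("ver"))


def is_pinned(line):
    """Only an exact '==' specifier is a pin. A floor such as '>=' lets the
    resolver pick any future release, including one published after a
    maintainer account or package is compromised."""
    parsed = parse_requirement(line)
    return bool(parsed and parsed[1] == "==")


def find_unpinned(text):
    """Names of every requirement in `text` that is not exactly pinned."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-")):
            continue
        parsed = parse_requirement(line)
        if parsed and not is_pinned(line):
            out.append(parsed[0])
    return out


def version_key(v):
    """Numeric tuple for plain release versions like '2.32.4'; adequate for
    comparing X.Y.Z releases, with no pre-release handling."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def floor_excludes(floor, fixed_in):
    """True if a specifier whose lower bound is `floor` can never install a
    release older than `fixed_in`, i.e. the bound already rules it out."""
    return version_key(floor) >= version_key(fixed_in)


def still_applicable(text, advisories):
    """Per package, the advisories that the declared lower bound does NOT
    rule out. '==', '>=' and '~=' give a usable bound; anything else is
    treated as unbounded so every advisory is reported."""
    result = {}
    for line in text.splitlines():
        parsed = parse_requirement(line)
        if not parsed or parsed[0] not in advisories:
            continue
        name, op, ver = parsed
        floor = ver if op in ("==", ">=", "~=") else "0"
        live = [cve for cve, fix in advisories[name].items()
                if not floor_excludes(floor, fix)]
        if live:
            result[name] = sorted(live)
    return result


if __name__ == "__main__":
    print("unpinned:", find_unpinned(REQUIREMENTS))
    print("not ruled out by the floor:",
          still_applicable(REQUIREMENTS, ADVISORIES))
```

Run against the page's own requirements this reports all five packages as unpinned and leaves CVE-2024-35195 and CVE-2024-47081 live for requests and CVE-2023-50447 live for pillow, which is the subset of the listed advisories a practitioner actually needs to act on; replacing the floors with exact pins at or above those fix versions empties the second list.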

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.