Security audit

Video Analyzer CN

Security checks across malware telemetry and agentic risk

Overview

This video-analysis skill performs the download, frame extraction, and local image analysis it advertises, with no evidence of deception, exfiltration, persistence, or destructive behavior.

Install only if you are comfortable with the agent downloading video URLs you provide, opening Douyin pages through browser tooling when needed, creating local video/frame files, and sending extracted frames to your local Ollama service. Prefer explicit prompts, avoid unknown or very large links, and periodically clean the declared temporary workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill clearly instructs the agent to read local reference files and access external network resources to download videos, but it declares no permissions. This creates a transparency and policy-enforcement gap: users and the runtime may not realize the skill can fetch remote content and process local files, increasing the chance of unintended data handling or unauthorized actions.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The skill promises a fully automated cross-platform workflow, but the described behavior depends on undeclared external scripts, browser interaction, localhost services, and partially implemented platform support. This mismatch is dangerous because users may consent to one class of action while the skill actually performs different or additional operations, undermining informed consent and safe review.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger list includes very generic terms such as '视频', '分析', and 'video', making accidental activation likely during ordinary conversation. Because this skill can download content, invoke external tools, and create local files, unintended triggering raises the risk of unplanned network access and local resource consumption.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill description does not prominently warn that it downloads videos and stores temporary media files locally. In a tool that handles potentially large remote content and persists artifacts under a user profile workspace, missing disclosure can lead to privacy surprises, disk consumption, and retention of sensitive media without informed consent.

VirusTotal

VirusTotal findings are pending for this skill version.