Back to skill

Security audit

Ai Video Pipeline

Security checks across malware telemetry and agentic risk

Overview

The skill appears to make AI videos as advertised, but users should review it because it sends scripts to external AI services and its default cache can reuse prior media without verifying it matches the current script.

Install only if you are comfortable sending scripts, prompts, generated audio/video, and API-authenticated requests to the named third-party services. Use a fresh work directory or clear /tmp/video-poc between jobs, and avoid sensitive or proprietary scripts unless you have reviewed the providers' data-handling and cost implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tainted flow: 'audio_url' from requests.post (line 112, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
# 下载音频
        if verbose: print(f"  📥 下载 BGM...")
        dl_resp = requests.get(audio_url, timeout=60, proxies=PROXIES)
        if dl_resp.status_code != 200:
            if verbose: print(f"  ⚠️ 下载失败: HTTP {dl_resp.status_code}")
            return None
Confidence
92% confidence
Finding
dl_resp = requests.get(audio_url, timeout=60, proxies=PROXIES)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The secondary retrieval step downloads arbitrary content from a URL supplied by a remote service, which adds a broader outbound-fetch capability than a single fixed API call. In this skill context, that is more dangerous because the downloaded file is stored locally and may later be consumed by media tooling, increasing exposure to malicious payloads or SSRF-style misuse.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that completed videos are automatically sent via Feishu, but the activation/description text does not clearly warn users that their generated content will be transmitted to a third-party messaging platform. This is dangerous because users may provide sensitive scripts or private topics assuming local generation, leading to unintended disclosure once the automatic send step occurs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The pipeline sends full script text to an external TTS provider via generate_tts without any explicit notice, consent gate, or indication of what data leaves the system. If users include sensitive, proprietary, or personal content in the script, that data may be disclosed to third parties unexpectedly, creating a privacy and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
In auto clip mode, paragraph text is converted into prompts and sent to an external AI video generation service without an explicit warning or confirmation. Because this happens automatically for each paragraph, users may unknowingly transmit large portions of their script to a remote provider, increasing privacy, confidentiality, and policy exposure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
User-provided script text is sent to an external WebSocket TTS service, which creates a real data egress/privacy risk if users are not explicitly informed or if sensitive content is included. In a conversational video-generation skill, this is contextually expected, but it still matters because scripts may contain proprietary or personal data and the transfer happens automatically once invoked.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The keyword list includes broad, high-frequency terms such as '公司', '规则', and '老板' that commonly appear in ordinary conversation, so this style may be selected when the user did not actually request this specific 'cognitive teardown' framing. In this skill, unintended style activation can steer generated video scripts toward sharper ideological or workplace-power analysis than the user intended, causing misfires, confusing outputs, and potentially unsafe or policy-sensitive framing escalation.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.