Back to skill

Security audit

CreatOK Recreate Video

Security checks across malware telemetry and agentic risk

Overview

This looks like a real CreatOK TikTok remix helper, but it writes detailed analysis files locally with weak path containment and retention controls.

Install only if you are comfortable sending TikTok reference URLs to CreatOK and leaving derived analysis artifacts on disk. Use a revocable CreatOK API key, avoid private or sensitive reference/product material unless necessary, and review or delete the .artifacts directories after use. The publisher should validate run_id values and document retention/cleanup behavior before this is treated as low-friction for broad use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares no explicit permissions, yet its metadata and behavior require an API key and network access. That creates a transparency and governance gap: users or hosts may invoke the skill without understanding that external data transfer and secret-backed API usage will occur.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill is presented as a creative rewriting/remix tool, but the workflow primarily performs external video analysis and persists detailed source artifacts to disk. This mismatch is dangerous because it can mislead users about what the skill actually does, increasing the risk of unexpected third-party data disclosure, retention of copyrighted/source material, and unsafe downstream automation based on incomplete user understanding.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The function sends a user-supplied TikTok URL to an external client for analysis and writes returned transcript, vision, and video metadata to local artifacts without any visible consent, minimization, or disclosure controls. In a skill ecosystem, this can expose user-provided content and derived sensitive data to third-party services and to local storage, increasing privacy and data-handling risk if users or operators expect only 'recreation' rather than remote analysis and retention.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The handoff guidance uses very broad natural-language triggers such as 'rewrite this for my product' and 'go ahead and generate', which can match many ordinary user requests outside the intended skill boundary. This can cause unintended invocation or transfer of context into another skill, increasing the chance of misrouting, over-collection of user context, or execution of a less-appropriate workflow without clear confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.