
Security audit

AI视频脚本生成器 (AI Video Script Generator)

Security checks across malware telemetry and agentic risk

Overview

This video-script skill saves generated scripts and simple style notes locally, but that behavior is disclosed and fits its stated purpose.

Install only if you are comfortable with generated scripts and style notes being saved under ~/video-scripts/ by default. Avoid entering confidential campaign ideas or personal topics on shared machines unless you plan to manage or delete that local history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes writing scripts and preference data to local storage (`~/video-scripts/`) but does not declare corresponding permissions. Undeclared file-write capability weakens consent and review controls, because the skill can persist user content and preferences outside what a user or platform reviewer may reasonably expect from the manifest.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented primarily as a script generator, but by default it also creates directories, saves run history, and appends memory records on the local filesystem. This mismatch matters because users may provide sensitive draft ideas, business plans, or personal preferences without realizing they will be retained persistently, increasing privacy and data exposure risk.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill persists user-provided topics, generated hooks, platform choices, and timestamps to local files by default, creating an undisclosed history of potentially sensitive user prompts. In a script-generation context, users may enter confidential campaign plans, business ideas, or personal content themes, so automatic retention increases privacy and data exposure risk if the host system is shared or later compromised.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The code comment and surrounding logic imply conditional saving, but the condition `if args.output or True` is always true, so every run writes files to disk whether or not an output path was given. This defeats user expectations and consent: generated content and topic history are persisted silently even when no output was requested.

Vague Triggers

Medium
Confidence
80% confidence
Finding
Broad trigger phrases such as '生成脚本' (generate a script), '写视频文案' (write video copy), and '视频脚本' (video script) can collide with ordinary user requests and invoke the skill unexpectedly. Because this skill performs persistence, accidental activation can also cause unintended storage of user prompts and preferences, compounding privacy and consent concerns.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that user preferences and scripts are stored locally, but it does not present this as a user-facing warning or consent step. Silent persistence of creative content and behavioral preferences can expose sensitive information to other local users, backups, or later unintended reuse.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The script writes output files by default without clearly warning the user in the CLI interface or usage help, which creates a transparency and consent problem. While not a direct code-execution flaw, it can expose sensitive topics or generated scripts on disk unexpectedly, especially on shared machines or managed agent environments.
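The always-true gate from the Intent-Code Divergence finding and the missing CLI warning from this finding, shown side by side as an added example. This is not the skill's own code, which the audit does not reproduce: the argument names (`--output`, `--save-history`), the `history.jsonl` file name, the history directory, and the stand-in "generation" step are all assumptions made for illustration. The original-style gate is kept exactly as the audit describes it (`args.output or True`); the hardened variant only persists on an explicit request and states the on-disk side effect in the `--help` text.

```python
"""Added example, not the audited skill's code. The `or True` persistence
gate flagged in the audit next to an opt-in variant whose --help text
discloses the on-disk side effect. Flag names, file layout and record
format are assumptions; the real skill's are not known from the audit."""
import argparse
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def build_parser(hardened: bool) -> argparse.ArgumentParser:
    """CLI for a hypothetical script generator.

    The hardened variant adds an explicit --save-history opt-in and says
    in the usage text that prompts will be persisted locally."""
    p = argparse.ArgumentParser(
        prog="video-script",
        description="Generate a short-form video script (illustrative CLI).",
    )
    p.add_argument("topic")
    p.add_argument("--output", help="write the generated script to this path")
    if hardened:
        p.add_argument(
            "--save-history",
            action="store_true",
            help=("also append the topic, hook and timestamp to "
                  "history.jsonl under the history directory (off by "
                  "default; this keeps your prompts on this machine)"),
        )
    return p


def should_persist_original(args: argparse.Namespace) -> bool:
    """Gate as described in the audit: `or True` makes the test
    unconditional, so the --output check is dead code."""
    return bool(args.output or True)


def should_persist_hardened(args: argparse.Namespace) -> bool:
    """Persist only when the user asked for a file or opted in to history."""
    return bool(args.output) or bool(args.save_history)


def append_history(history_dir: Path, topic: str, hook: str) -> Path:
    """Append one JSON line per run and return the history file path.
    Fields mirror what the audit says is stored: topic, hook, timestamp."""
    history_dir.mkdir(parents=True, exist_ok=True)
    path = history_dir / "history.jsonl"  # assumed file name
    record = {
        "topic": topic,
        "hook": hook,
        "saved_at": datetime.now(timezone.utc).isoformat(),
    }
    with path.open("a", encoding="utf-8") as fh:
        fh.write(json.dumps(record, ensure_ascii=False) + "\n")
    return path


def run(argv: list[str], hardened: bool, history_dir: Path) -> dict:
    """Parse argv, apply the chosen gate, and report what touched disk."""
    args = build_parser(hardened).parse_args(argv)
    # Stand-in for the model call; the audit says a hook per topic is stored.
    hook = f"Three things nobody tells you about {args.topic}"
    persist = (should_persist_hardened(args) if hardened
               else should_persist_original(args))
    written = []
    if persist:
        if args.output:
            out = Path(args.output)
            out.write_text(hook + "\n", encoding="utf-8")
            written.append(str(out))
        # Original: history is appended on every run once the gate passes.
        # Hardened: only when --save-history was given.
        if not hardened or args.save_history:
            written.append(str(append_history(history_dir, args.topic, hook)))
    return {"persisted": persist, "written": written}


def demo() -> dict:
    """Run three scenarios in a throwaway directory and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        hd = Path(tmp) / "video-scripts"
        return {
            "original_no_output": run(["launch plan"], False, hd),
            "hardened_no_flags": run(["launch plan"], True, hd),
            "hardened_opt_in": run(["launch plan", "--save-history"], True, hd),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With no arguments beyond the topic, the original-style gate still writes a history record, which is exactly the silent persistence the audit describes; the hardened parser writes nothing unless `--output` or `--save-history` is present, and `--help` now tells the user what the flag will store.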

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.