Security audit

music-video

Security checks across malware telemetry and agentic risk

Overview

This is a coherent music-video generation skill that uses expected third-party media APIs and local video tools, with no hidden or destructive behavior found.

Install only if you are comfortable sending lyrics, prompts, uploaded stills, song/audio slices, and related project metadata to Replicate and Pruna under your own API keys. Review generated outputs at each gate rather than passing the approval-skip flags in interactive use, keep secrets out of plans and prompts (both are forwarded to third-party endpoints), and pin dependency versions if you need reproducible production installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Tainted flow: 'url' from os.environ.get (line 121, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
import urllib.request
from pathlib import Path

def download_url(url: str, destination: Path) -> None:
    # 'url' arrives from os.environ.get and reaches urlopen with no scheme or host check
    destination.parent.mkdir(parents=True, exist_ok=True)
    with urllib.request.urlopen(url, timeout=600) as response:
        destination.write_bytes(response.read())
Confidence
85% confidence
Finding
with urllib.request.urlopen(url, timeout=600) as response:
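
The practical risk in this flow is that urllib.request.urlopen accepts more than http(s): it also handles file:, ftp: and data: URLs, so a poisoned environment value can turn the download helper into a local file read, and an unbounded response.read() can fill the disk. The following is an added example, not code from the skill or from SkillSpector: it shows the audited helper with a policy check in front of urlopen and a streamed, size-capped write. The allowlisted hosts, the 500 MB cap and the exception name are assumptions for illustration.

```python
import urllib.request
from pathlib import Path
from urllib.parse import urlsplit

# Assumed allowlist for this illustration: the hosts a Replicate-backed skill would
# legitimately fetch outputs from. Substitute the real ones for your deployment.
ALLOWED_HOSTS = frozenset({"replicate.delivery", "api.replicate.com"})
MAX_BYTES = 500 * 1024 * 1024  # assumed cap for a single downloaded media file


class UnsafeDownloadURL(ValueError):
    """Raised when a URL fails the pre-urlopen policy check."""


def check_download_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Reject anything urlopen would happily fetch but the skill never needs."""
    parts = urlsplit(url)
    # urlopen also speaks file:, ftp: and data:, so a poisoned env value could read local files
    if parts.scheme != "https":
        raise UnsafeDownloadURL(f"refusing scheme {parts.scheme!r}; only https is allowed")
    host = parts.hostname or ""  # already lower-cased by urlsplit
    if host not in allowed_hosts:
        raise UnsafeDownloadURL(f"host {host!r} is not in the download allowlist")
    if parts.username or parts.password:
        raise UnsafeDownloadURL("credentials embedded in the URL are not allowed")
    return url


def is_safe_download_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Boolean wrapper around check_download_url for callers that prefer not to catch."""
    try:
        check_download_url(url, allowed_hosts)
        return True
    except UnsafeDownloadURL:
        return False


def download_url(url: str, destination: Path, max_bytes: int = MAX_BYTES) -> int:
    """Hardened form of the audited helper; returns the number of bytes written."""
    check_download_url(url)
    destination = Path(destination)
    destination.parent.mkdir(parents=True, exist_ok=True)
    written = 0
    try:
        with urllib.request.urlopen(url, timeout=600) as response:
            # stream with a hard cap instead of response.read() on an unbounded body
            with destination.open("wb") as fh:
                while chunk := response.read(1 << 20):
                    written += len(chunk)
                    if written > max_bytes:
                        raise UnsafeDownloadURL(f"response exceeded {max_bytes} bytes")
                    fh.write(chunk)
    except UnsafeDownloadURL:
        destination.unlink(missing_ok=True)  # do not leave a truncated media file behind
        raise
    return written


if __name__ == "__main__":
    for candidate in ("https://replicate.delivery/pbxt/abc/out.mp4",
                      "file:///etc/passwd",
                      "https://replicate.delivery.evil.example/out.mp4"):
        print(candidate, "->", "ok" if is_safe_download_url(candidate) else "rejected")
```

The check deliberately compares parts.hostname rather than parts.netloc: netloc would still contain userinfo and port, which is how "https://replicate.delivery@attacker.example/" style URLs slip past naive substring checks.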

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents and directs use of environment variables, local file reads/writes, networked API calls, and shell execution, but it does not declare permissions for those capabilities. That creates a governance and sandboxing gap: operators may approve or run the skill without realizing it can access secrets, transmit data externally, and invoke local commands such as ffmpeg or Python scripts.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The description is broadly phrased and can trigger on common user requests for songs, videos, promos, or paired media, which increases the chance the agent invokes this skill outside a narrowly intended workflow. Because the package also pulls in multiple generation and editing dependencies, overbroad activation can expand capability exposure and cause unintended content generation or routing decisions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This guidance explicitly instructs agents to invoke an external API using `PRUNA_API_KEY` and to pass project artifacts such as scene rows, scripts, URLs, cast ledger slices, and output paths to subagents and remote prediction endpoints, but it does not clearly disclose that user/project data will be transmitted to a third-party service. In an agent skill, that omission is risky because operators or end users may not realize sensitive creative content, internal file paths, or other project metadata is leaving the local environment.

Vague Triggers

Low
Confidence
83% confidence
Finding
The document explicitly exposes gate-bypass flags (`--yes-skip-stills-gate`, `--yes-skip-clips-gate`) and also shows `--phase all --yes-skip-stills-gate`, which weakens human approval controls around costly and sensitive media generation. Even though the text says these are for automation only, the safeguards are advisory rather than enforced here, so an agent or operator could misuse them to skip required review steps and trigger expensive or policy-sensitive generation without approval.
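
One way to turn the advisory skip flags into an enforced control is to honour them only when two independent signals agree that the run is unattended. The block below is an added example, not the skill's own gate code: a skip flag is accepted only when there is no TTY and an explicit automation marker is present, an interactive run with the flag is refused outright, and an unattended run without the flag is refused rather than silently approved. The environment variable name MV_AUTOMATION_RUN, the decision strings and the helper names are assumptions for illustration.

```python
import os
import sys
from typing import Callable, Optional


class GateRefused(RuntimeError):
    """Raised when a review gate cannot be satisfied in the current run context."""


def decide_gate(name: str, skip_flag: bool, *,
                interactive: Optional[bool] = None,
                automation_token: Optional[str] = None,
                ask: Callable[[str], str] = input) -> str:
    """Return 'approved', 'rejected' or 'refused' for the named gate.

    A skip flag is honoured only when two independent signals agree that this is
    an unattended automation run: no TTY on stdin and an explicit marker
    (assumed env var MV_AUTOMATION_RUN, an illustrative name).
    """
    if interactive is None:
        interactive = sys.stdin.isatty()
    if automation_token is None:
        automation_token = os.environ.get("MV_AUTOMATION_RUN")
    if skip_flag:
        if interactive or not automation_token:
            return "refused"   # flag present, but the context does not justify skipping review
        return "approved"
    if not interactive:
        return "refused"       # nobody to ask and no sanctioned skip
    answer = ask(f"Review the {name} outputs. Approve generation of the next phase? [y/N] ")
    return "approved" if answer.strip().lower() in ("y", "yes") else "rejected"


def require_gate(name: str, skip_flag: bool, **kwargs) -> None:
    """Stop the pipeline unless the gate was explicitly approved."""
    decision = decide_gate(name, skip_flag, **kwargs)
    if decision == "rejected":
        raise SystemExit(f"{name} gate: operator declined; stopping before generation")
    if decision == "refused":
        raise GateRefused(
            f"--yes-skip-{name}-gate is honoured only in unattended runs with "
            f"MV_AUTOMATION_RUN set; rerun interactively to review, or set the marker "
            f"from your pipeline")


if __name__ == "__main__":
    # Mirrors `--phase all --yes-skip-stills-gate` typed at a terminal: refused, not approved.
    print("interactive + skip flag:",
          decide_gate("stills", True, interactive=True, automation_token="ci-run-1"))
    print("unattended + marker + skip flag:",
          decide_gate("stills", True, interactive=False, automation_token="ci-run-1"))
```

Because the decision is computed from the run context rather than from the flag alone, an agent that learned to pass `--yes-skip-stills-gate` from the documentation still cannot bypass review in an operator's shell; only a pipeline that sets the marker can, and that marker is something operators can grant and audit.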

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The guidance explicitly constrains `persona_gender` to `female` / `male` and directs agents to match voices and face-swap choices to that binary without any user opt-in or accommodation for non-binary identities. In a media-generation skill, this can lead to identity misrepresentation, exclusionary outputs, and automated demographic assumptions that propagate biased or inappropriate content choices.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends user-provided lyrics and style prompts to Replicate via run_model_prediction, which is an external third-party API. If users or operators are not clearly warned, sensitive or proprietary text may be transmitted off-system unexpectedly, creating a privacy and data-handling risk; in a music-generation skill, lyrics may include unpublished creative work or personal content.

Unpinned Dependencies

Low
Category
Supply Chain
Content
Pillow>=10.0.0
Confidence
95% confidence
Finding
Pillow>=10.0.0
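
A lower-bound specifier such as `Pillow>=10.0.0` lets a future release, including a compromised one, satisfy the install. The following is an added example, not part of the skill or of SkillSpector's own tooling: a small checker that classifies each line of a requirements file as unpinned, pinned, or pinned with a hash, which is the distinction a reproducible production install needs. The sample requirements text is constructed for the example; only the `Pillow>=10.0.0` line is the one the audit flagged, and the other package versions are illustrative.

```python
import re

# Constructed sample input. Only the Pillow line comes from the audit; the rest
# are illustrative and their version numbers are not real release pins.
SAMPLE_REQUIREMENTS = """\
# requirements.txt (constructed example)
Pillow>=10.0.0
requests
replicate==1.0.0
numpy==1.26.4 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

# name, optional extras, then an exact '==' pin (a '>=', '~=' or bare name will not match)
_EXACT_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*==\s*([^\s;#]+)")
_NAME_END = re.compile(r"[\s=<>!~\[;]")


def classify_requirement(line: str) -> str:
    """Return 'skip', 'unpinned', 'pinned' or 'pinned+hashed' for one requirements line."""
    stripped = line.split("#", 1)[0].strip()
    if not stripped or stripped.startswith("-"):
        return "skip"          # blank, comment, or a pip option line such as -r/-e
    if not _EXACT_PIN.match(stripped):
        return "unpinned"      # bare name, >=, ~=, <, or a URL: a newer release can satisfy it
    if "--hash=" not in stripped:
        return "pinned"        # exact version, but the index could still serve a swapped artifact
    return "pinned+hashed"     # exact version and artifact digest: reproducible


def audit_requirements(text: str) -> dict:
    """Map each package name to its classification, skipping non-requirement lines."""
    report = {}
    for line in text.splitlines():
        verdict = classify_requirement(line)
        if verdict == "skip":
            continue
        name = _NAME_END.split(line.strip(), 1)[0]
        report[name] = verdict
    return report


def unpinned_packages(text: str) -> list:
    """The names a reviewer should ask about before approving the install."""
    return sorted(name for name, v in audit_requirements(text).items() if v == "unpinned")


if __name__ == "__main__":
    for name, verdict in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{name:12s} {verdict}")
```

For a real project, `pip-compile --generate-hashes` (from pip-tools) produces the pinned-plus-hashed form this checker rewards, and `pip install --require-hashes` makes pip refuse anything that lacks a digest.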

VirusTotal

58/58 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.