aivideomaker-test-api

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AIVideoMaker API wrapper, with expected access to your API key and generation task data.

Install this only if you want an agent to use your AIVideoMaker account. Use a dedicated or easily rotated API key, avoid sending sensitive prompts or images unless you trust the provider, and review creation or cancellation requests because they can consume credits or change task state.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The examples document a `GET /api/v1/tasks` task-listing capability that is not described in the manifest, creating a hidden or under-declared capability. Undocumented enumeration features can expand the skill's effective permissions and enable unintended access to historical task metadata, prompts, outputs, or identifiers if consumers rely on the manifest for security review and allowlisting.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal