Aoment Image Video

Security checks across malware telemetry and agentic risk

Overview

This Aoment media skill matches its stated purpose, but it can fetch arbitrary URLs from the user's environment and upload the results to Aoment without strong limits or warnings.

Review before installing. Use this only if you are comfortable sending prompts, images, local image files, image URLs, and Aoment API-key-authenticated requests to Aoment. Do not provide internal URLs, cloud metadata URLs, private-network addresses, confidential images, or regulated data, and prefer storing the API key outside shell history or shared command logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly documents network access and local file inputs (`--image ./input.png`) while declaring no permissions, creating a transparency and policy-enforcement gap. Users or hosting platforms may invoke it without realizing it can read local files and send data to an external service, which increases the risk of unintended data exfiltration.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation claims the client only calls the dedicated skill API endpoint, but the implementation also performs outbound requests to arbitrary user-supplied URLs in `_read_image_source` and a separate version-check endpoint in `_check_version`. This mismatch is security-relevant because it hides additional network behavior from users and reviewers, increasing the risk of SSRF-like access to internal resources or unexpected data exfiltration paths.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises automatic agent API key registration and supports sending prompts, images, and possibly local files to a third-party service, but it does not clearly foreground the privacy and credential implications. This can mislead users into sharing sensitive prompts or images without informed consent, especially because registration occurs directly against the vendor service.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill transmits user prompts and potentially sensitive image content to a remote third-party service without any explicit runtime disclosure or consent flow. In this skill context, external transmission is expected for image/video generation, but the lack of clear notice increases the risk of unintentional exfiltration of private data supplied by users or upstream agents.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Accepting the API key directly on the command line exposes the credential to process listings, shell history, audit logs, and job runners on many systems. This is especially risky in agent and multi-user environments where command invocations may be logged automatically.

VirusTotal

62/62 vendors flagged this skill as clean.
