Back to skill

Security audit

Ai Video Gen

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AI video-generation helper that uses expected cloud providers, local files, and FFmpeg, with some privacy and hardening caveats.

Install this in a virtual environment, keep provider API keys scoped and private, monitor paid API usage, and avoid sending confidential prompts, scripts, images, audio, or videos unless the providers' data policies are acceptable. Keep FFmpeg and Python dependencies updated, and be careful with unusual image filenames and output paths because FFmpeg is invoked locally and selected outputs may be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (16)

Tainted flow: 'image_url' from os.getenv (line 49, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
# Download image
        img_path = self.output_dir / f"image_{int(time.time())}.png"
        img_data = requests.get(image_url).content
        with open(img_path, 'wb') as f:
            f.write(img_data)
Confidence
86% confidence
Finding
img_data = requests.get(image_url).content

Tainted flow: 'video_url' from requests.get (line 125, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
# Download video
        video_path = self.output_dir / f"video_{int(time.time())}.mp4"
        video_data = requests.get(video_url).content
        with open(video_path, 'wb') as f:
            f.write(video_data)
Confidence
89% confidence
Finding
video_data = requests.get(video_url).content

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes capabilities that require environment-variable access, network access, file writing, and shell/FFmpeg execution, but it does not declare permissions. This creates a transparency and governance gap: users or platforms may authorize or run a skill without understanding that it can access API keys, send data externally, and invoke local tooling.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to configure API keys and use multiple third-party AI providers, and it discusses pricing, but it does not clearly warn that prompts, images, narration text, and possibly other generated media will be transmitted to external services and may incur charges. In a skill designed for end-to-end AI video generation, this omission is materially important because users may submit sensitive content or unknowingly trigger paid API usage across several vendors.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly integrates with multiple third-party AI providers for image generation, video generation, and voice-over, yet it does not warn users that prompts, images, audio, and generated media may be transmitted to external services. In this context, that omission is significant because users may submit sensitive creative content, personal voice text, or private media without informed consent about external processing and retention.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
User-provided text is sent to OpenAI's TTS API, which transmits potentially sensitive content to an external service. The code does not provide an explicit warning, consent prompt, or privacy notice at the point of use, so users may unintentionally disclose confidential information.

Unvalidated Output Injection

High
Category
Output Handling
Content
output_path
        ]
        
        result = subprocess.run(cmd, capture_output=True, text=True)
        
        if result.returncode != 0:
            raise Exception(f"FFmpeg error: {result.stderr}")
Confidence
83% confidence
Finding
subprocess.run(cmd, capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
]
    
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, check=True)
        print(f"✅ Video created: {output_path}")
        return output_path
    except subprocess.CalledProcessError as e:
Confidence
86% confidence
Finding
subprocess.run(cmd, capture_output

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
Confidence
93% confidence
Finding
openai>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
93% confidence
Finding
replicate>=0.20.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
97% confidence
Finding
pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
replicate>=0.20.0
requests>=2.31.0
pillow>=10.0.0
python-dotenv>=1.0.0
Confidence
90% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests==2.31.0 — 5 advisory(ies): CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi); CVE-2026-25645 (Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility func) +2 more

Medium
Category
Supply Chain
Confidence
96% confidence
Finding
requests==2.31.0

Known Vulnerable Dependency: pillow==10.0.0 — 10 advisory(ies): CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2024-28219 (Pillow buffer overflow vulnerability); CVE-2023-4863 (libwebp: OOB write in BuildHuffmanTable) +7 more

Critical
Category
Supply Chain
Confidence
99% confidence
Finding
pillow==10.0.0

Known Vulnerable Dependency: python-dotenv==1.0.0 — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
84% confidence
Finding
python-dotenv==1.0.0

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.