Back to skill

Security audit

Anime Drama

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised anime-video workflow, but it runs shell commands built from user story text and exposes the RunningHub API key in command strings.

Review before installing. Only use it with story text and generated images you are comfortable sending to RunningHub and storing locally, and avoid untrusted or adversarial story text until the maintainer replaces shell=True command strings with argument-list subprocess calls and redacts API keys from logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd, timeout=300, check=True):
    """执行shell命令"""
    print(f"[CMD] {cmd}", file=sys.stderr)
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
    if result.returncode != 0 and check:
        print(f"[ERROR] stdout: {result.stdout}", file=sys.stderr)
        print(f"[ERROR] stderr: {result.stderr}", file=sys.stderr)
Confidence
98% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)

Tainted flow: 'cmd' from os.environ.get (line 129, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
def run(cmd, timeout=300, check=True):
    """执行shell命令"""
    print(f"[CMD] {cmd}", file=sys.stderr)
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
    if result.returncode != 0 and check:
        print(f"[ERROR] stdout: {result.stdout}", file=sys.stderr)
        print(f"[ERROR] stderr: {result.stderr}", file=sys.stderr)
Confidence
91% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares required binaries and an API key but does not explicitly declare permissions despite clearly requiring environment access, local file read/write, and shell execution. This weakens the platform's trust and consent model because users may invoke a skill with broader capabilities than are transparently disclosed.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented purpose focuses on generating anime videos from story text, but the behavior also includes uploading images to RunningHub and reportedly checking remote account/service state. Undisclosed remote interactions are security-relevant because they expand the data flow and operational scope beyond what a user would reasonably expect from the description alone.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill processes user-provided story text and generated images through external RunningHub AI services, but the description does not warn users that this content leaves the local environment. This creates a privacy and confidentiality risk, especially if users provide unpublished, sensitive, or proprietary text that they assume will be handled locally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The notes instruct users to upload a local file and include an API key in a request to an external service, but they do not disclose the data-transfer and credential-exposure implications. In a skill that automates media generation from user content, this omission can cause users to unknowingly send sensitive local images or reusable credentials to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.