Video Proof

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it gives proof specs broad command, network, install, and artifact-sharing authority without enough safeguards.

Use this only with trusted repositories and proof specs. Review start_command, start_port, base_url, goto targets, and API requests before running; avoid production credentials and sensitive staging data; do not allow unexpected sudo or package-manager changes; and inspect or redact videos, screenshots, logs, and API results before committing or sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The documentation explicitly allows proofs against arbitrary external URLs such as staging or other remote hosts, turning a post-implementation demo tool into a general web/API interaction mechanism. In an agent setting, this expands scope from local verification to potentially interacting with sensitive third-party systems, capturing their content, and storing that data in artifacts.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The script executes `spec.start_command` via `spawn('sh', ['-c', spec.start_command], ...)`, and that value is taken directly from the YAML spec or CLI without validation. In an agent skill context, this is dangerous because untrusted task input, PR content, or repository-controlled spec files can cause arbitrary command execution on the runner, which can lead to code execution, secret theft, filesystem tampering, or persistence under the agent's privileges.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The script allows `goto` steps to navigate to any absolute HTTP(S) URL, not just the local app under test. In this skill's agent-driven automation context, that can be abused to make the browser contact attacker-controlled sites, exfiltrate data through requests or screenshots, interact with internal services reachable from the runner, or perform unintended actions using the browser session.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The trigger phrases include broad natural-language expressions like 'show me it working' and 'prove it works', which can match ordinary conversation and cause the skill to activate unexpectedly. Because this skill can run commands, hit URLs, and save recordings/logs, accidental invocation could lead to unintended execution and data capture.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill advertises recording video, screenshots, console logs, and API results, but it does not prominently warn that these artifacts may contain secrets, personal data, tokens, internal URLs, or other sensitive content. This is dangerous because the workflow encourages committing proof artifacts to repositories, increasing the risk of persistent data leakage.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The setup script automatically installs Playwright browsers, system dependencies, and ffmpeg, including privileged package-manager operations, without an explicit consent gate. In an agent skill context this is risky because a user may trigger the skill expecting artifact generation, not host modification or privileged package installation.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
elif command -v dnf &> /dev/null; then
    sudo dnf install -y ffmpeg
  elif command -v pacman &> /dev/null; then
    sudo pacman -S --noconfirm ffmpeg
  else
    echo "    ⚠ Could not install ffmpeg automatically. Install manually for mp4 conversion."
    echo "    Video recording still works (produces .webm without ffmpeg)."
Confidence: 94%
Finding:
--noconfirm

Sudo/Root Execution

Severity: Medium
Category: Privilege Escalation
Content:
else
  echo "    ffmpeg not found — attempting install..."
  if command -v apt-get &> /dev/null; then
    sudo apt-get update -qq && sudo apt-get install -y -qq ffmpeg
  elif command -v brew &> /dev/null; then
    brew install ffmpeg
  elif command -v dnf &> /dev/null; then
Confidence: 91%
Finding:
sudo

Sudo/Root Execution

Severity: Medium
Category: Privilege Escalation
Content:
else
  echo "    ffmpeg not found — attempting install..."
  if command -v apt-get &> /dev/null; then
    sudo apt-get update -qq && sudo apt-get install -y -qq ffmpeg
  elif command -v brew &> /dev/null; then
    brew install ffmpeg
  elif command -v dnf &> /dev/null; then
Confidence: 91%
Finding:
sudo

Sudo/Root Execution

Severity: Medium
Category: Privilege Escalation
Content:
elif command -v brew &> /dev/null; then
    brew install ffmpeg
  elif command -v dnf &> /dev/null; then
    sudo dnf install -y ffmpeg
  elif command -v pacman &> /dev/null; then
    sudo pacman -S --noconfirm ffmpeg
  else
Confidence: 90%
Finding:
sudo

Sudo/Root Execution

Severity: Medium
Category: Privilege Escalation
Content:
elif command -v dnf &> /dev/null; then
    sudo dnf install -y ffmpeg
  elif command -v pacman &> /dev/null; then
    sudo pacman -S --noconfirm ffmpeg
  else
    echo "    ⚠ Could not install ffmpeg automatically. Install manually for mp4 conversion."
    echo "    Video recording still works (produces .webm without ffmpeg)."
Confidence: 93%
Finding:
sudo

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content:
elif command -v dnf &> /dev/null; then
    sudo dnf install -y ffmpeg
  elif command -v pacman &> /dev/null; then
    sudo pacman -S --noconfirm ffmpeg
  else
    echo "    ⚠ Could not install ffmpeg automatically. Install manually for mp4 conversion."
    echo "    Video recording still works (produces .webm without ffmpeg)."
Confidence: 95%
Finding:
--noconfirm

VirusTotal

66/66 vendors flagged this skill as clean.