Back to skill

Security audit

CN Video Script Writer 短视频脚本生成器

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed short-video writing helper, with only a minor risk that broad trigger phrases may activate it for general content-writing requests.

Safe to install as a writing aid. If you want tighter routing, narrow the trigger phrases so it activates only for explicit short-video script or social-content requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes very broad everyday phrases such as “内容创作”, “帮我写一个视频”, and “开场白”, which can cause the skill to activate in conversations where the user did not explicitly request this capability. Over-broad activation increases the risk of prompt routing mistakes, unexpected context capture, and unintended responses from the wrong skill.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.