Security audit

manim expert

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Manim animation helper, but users should review generated Python code before letting it render videos locally.

Install this only if you are comfortable with an agent creating Manim Python files in the workspace and running Manim locally to render MP4s. Review the generated code and exact render command first, keep outputs in the intended workspace folder, and install Python, Manim, and LaTeX from trusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: The skill expands from prompt/code generation into executing Manim locally and returning rendered video artifacts. That crosses from content generation into acting on the host environment, which can trigger file writes, dependency invocation, and execution of generated code derived from user input without clear safety boundaries.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: The skill explicitly instructs the agent to enter a directory and run Manim commands, granting operational behavior beyond the stated purpose of producing LaTeX prompts and code. Executing generated code introduces risk from malicious or unsafe user-driven content, dependency abuse, or resource-intensive rendering on the local system.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The README states the skill will 'automatically trigger' whenever Manim animation is needed, but it does not define narrow, user-consented activation criteria. Overly broad auto-triggering can cause the skill to activate in unintended contexts, leading to unsolicited code generation or instruction changes in conversations that merely mention related topics.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The trigger list consists of broad topical terms such as 'manim动画', 'latex公式', and '数学动画' without any scoping or intent constraints. This can cause the skill to activate for general conversation about these topics, leading to unintended delegation, unexpected code-generation behavior, or overriding a user's broader request context.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill directs code generation into a workspace folder and sets up subsequent execution behavior without warning the user that files will be created and later run. This undermines informed consent and can surprise users with persistent artifacts or execution side effects in the local environment.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill instructs the agent to run the generated code to create a video but provides no warning that local commands will be executed. Running code generated from user descriptions can expose the environment to unsafe subprocess behavior, excessive resource use, or unintended interactions with local files.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding: Returning generated video artifacts is lower risk than code execution itself, but the skill gives no notice about how generated files are handled, stored, or exposed. In environments containing sensitive content, artifact retention or sharing can create privacy and data-handling concerns.

VirusTotal

65/65 vendors flagged this skill as clean.