Back to skill

Security audit

Shortvideo

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate ShortVideo integration, but it uploads selected media to an external service and can use account credits.

Install only if you trust the ShortVideo provider and publisher. Keep the API key private, verify SHORTVIDEO_BASE_URL is the intended ShortVideo API host, and only provide files, URLs, and prompts you are comfortable sending to the service, especially for non-public or regulated media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Tainted flow: 'url' from os.environ.get (line 261, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
"""
    try:
        print(f"  Downloading from URL: {url}")
        response = requests.get(url, timeout=timeout, stream=True)
        response.raise_for_status()

        # Check content type
Confidence
96% confidence
Finding
response = requests.get(url, timeout=timeout, stream=True)

Tainted flow: 'url' from os.environ.get (line 261, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
}

    try:
        response = requests.post(url, json=payload, headers=headers, timeout=30)
        response.raise_for_status()
        result = response.json()
Confidence
80% confidence
Finding
response = requests.post(url, json=payload, headers=headers, timeout=30)

Tainted flow: 'url' from os.environ.get (line 261, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
headers = {"Authorization": f"Bearer {api_key}"}

    try:
        response = requests.get(url, headers=headers, timeout=30)
        response.raise_for_status()
        result = response.json()
Confidence
80% confidence
Finding
response = requests.get(url, headers=headers, timeout=30)

Tainted flow: 'url' from os.environ.get (line 261, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
with open(filepath, "rb") as f:
            files = {"file": (filename, f)}
            data = {"type": upload_type}
            response = requests.post(url, files=files, data=data, headers=headers, timeout=60)
            response.raise_for_status()
            result = response.json()
Confidence
80% confidence
Finding
response = requests.post(url, files=files, data=data, headers=headers, timeout=60)

Tainted flow: 'url' from os.environ.get (line 258, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
with open(filepath, "rb") as f:
            files = {"file": (filename, f)}
            data = {"type": upload_type}
            response = requests.post(url, files=files, data=data, headers=headers, timeout=60)
            response.raise_for_status()
            result = response.json()
Confidence
96% confidence
Finding
response = requests.post(url, files=files, data=data, headers=headers, timeout=60)

Tainted flow: 'url' from os.environ.get (line 71, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
headers = {"Authorization": f"Bearer {api_key}"}

    try:
        response = requests.get(url, headers=headers, timeout=30)
        response.raise_for_status()
        result = response.json()
Confidence
91% confidence
Finding
response = requests.get(url, headers=headers, timeout=30)

Tainted flow: 'url' from os.environ.get (line 261, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
"""
    try:
        print(f"  Downloading from URL: {url}")
        response = requests.get(url, timeout=timeout, stream=True)
        response.raise_for_status()

        # Check file size
Confidence
95% confidence
Finding
response = requests.get(url, timeout=timeout, stream=True)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that the skill will automatically upload local files and URL-sourced content to OSS and the ShortVideo backend, but it does not clearly warn users that their local data will be transmitted to external services. In an agent skill context, this increases the risk of unintended disclosure of sensitive files, proprietary media, or private URLs because users may assume processing is local or not realize network transfer occurs automatically.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The README instructs users to place the API key in environment variables or Claude settings but does not warn about protecting credentials from accidental disclosure in shared configuration files, screenshots, shell history, or logs. While common in setup docs, omission of basic credential-handling guidance can still contribute to credential leakage and unauthorized API use.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases include broad terms like 'create video', 'video generation', and common Chinese equivalents that can match many ordinary user requests. Overbroad activation increases the chance the skill runs unexpectedly, causing unintended uploads, API usage, and external data transfer.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill states that local files are uploaded to OSS and URLs are downloaded then uploaded, but it does not provide a prominent user warning in the main description or trigger surface that user-provided files and remote content will be sent to external services. This creates a meaningful risk of unintentional exfiltration of local data and third-party URL content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation states that when a user supplies an HTTP/HTTPS image URL, the system will automatically download the image, upload it to OSS, and then process it, but it does not clearly warn the user that their data is being transferred to external storage/services. This creates a real privacy and data-handling risk because users may unintentionally cause sensitive or proprietary images to be copied to third-party infrastructure and retained beyond their expectations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation explicitly supports local files and external URLs, and elsewhere notes that URL/media inputs are downloaded, uploaded to OSS, and then sent to remote API endpoints for processing, but it does not present this as a clear user-facing warning at the usage/examples area. This can cause users to unknowingly transmit potentially sensitive local media or third-party content to external storage and processing services, creating privacy, confidentiality, and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
create_task automatically uploads any local file paths found in arguments before creating a task, but only emits console messages like 'Uploading ...' at execution time. In an agent/skill context, that can cause unintended external transmission of local user files without clear advance warning or explicit consent, which is especially sensitive because the skill's purpose is media processing and users may pass local assets casually.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script uploads local files or downloaded remote images to a third-party API without an explicit, in-band warning or confirmation at the point of transmission. In an agent-skill context, this can cause unintended disclosure of proprietary or sensitive images because users may assume local processing when the tool silently transfers files off-host.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill automatically uploads local files and content fetched from remote URLs to an external API, but it does not present an explicit user-facing disclosure at the point of transmission. In an agent skill context, users may provide local media expecting local processing, so silent transmission increases privacy, confidentiality, and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.