Back to skill

Security audit

video-transcript

Security checks across malware telemetry and agentic risk

Overview

The skill’s transcript function is legitimate, but its setup guide gives the agent broad authority to collect, create, and persist credentials in ways users should review before installing.

Install only if you are comfortable with TranscriptAPI.com receiving the video URLs or IDs you submit and with an API key being available to the agent for reuse. Prefer creating the TranscriptAPI account yourself, entering the key through a secure secret mechanism rather than chat, avoiding OTP sharing through the agent, and knowing how to rotate or remove the stored key later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The document materially expands a video-transcription skill into third-party account registration, email OTP handling, and long-term credential setup. That crosses the stated skill boundary and creates an unnecessary credential-provisioning workflow that could enable secret capture, persistence, and misuse beyond the immediate user request.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
These instructions tell the agent to determine how to persist an environment variable across sessions and shells before any user need is established. Persistently storing a reusable API credential is highly sensitive and unjustified for a skill whose purpose is simply converting video to text, increasing the blast radius if the agent, host, or logs are compromised.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The workflow directs the agent to create an external account on the user's behalf, send the user's email to a third-party service, receive an OTP from the user, and exchange it for an API key. This is a sensitive identity and credential-enrollment flow unrelated to core transcription, and it normalizes the agent acting as an intermediary for authentication secrets.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends user-supplied video URLs and transcript requests to TranscriptAPI.com, but the user-facing description does not clearly disclose that this is a third-party network transfer. That creates a privacy and consent risk because users may provide sensitive or private video links without realizing they are being shared externally.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill asks the user to paste an API key and promises to 'set it up' without warning about the risks of sharing credentials with an agent or how the secret will be stored and used. This weakens informed consent and can lead users to disclose reusable credentials they would otherwise protect.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instructions have the agent collect a user's email for external transmission and then broker an email-based OTP flow, but provide no privacy notice or consent language for sending personal data to a third-party service. This creates avoidable privacy and phishing-like risk because users are conditioned to relay verification codes through the agent.

Ssd 3

High
Confidence
98% confidence
Finding
The instruction explicitly solicits a secret API key from the user and then directs the agent to persist it for future sessions. Collecting reusable credentials in conversation and storing them long-term creates a durable secret-handling surface that can be abused by prompt injection, tool compromise, or accidental disclosure.

Ssd 3

High
Confidence
96% confidence
Finding
This workflow instructs the agent to process authentication tokens from raw responses/files, collect OTPs from the user, and turn those artifacts into a persisted API credential. That is effectively a credential-harvesting and credential-conversion pipeline, even if intended for convenience, and it significantly increases the chance of secret leakage or misuse.

Ssd 4

Medium
Confidence
90% confidence
Finding
The document uses a stepwise onboarding narrative that culminates in obtaining, extracting, and persistently storing sensitive credentials. In the context of a video-transcript skill, this progressive build-up is especially risky because it disguises substantial secret-management behavior as routine setup for a simple content-processing capability.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.