Reelyze - Instagram Reel, TikTok & Shorts Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Reelyze API helper for analyzing public short-form videos, with expected API-key use and third-party processing disclosed.

Install this only if you want your agent to use Reelyze on public short-form video URLs. Use a dedicated Reelyze API key, avoid private or sensitive content, and confirm before running paid analysis or sending a URL for processing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description and invocation guidance are broad enough to trigger on generic requests about videos, transcripts, hooks, or watch time, which can cause the agent to invoke this external service more often than the user expects. That increases the chance of unnecessary data sharing to a third-party API and may lead to over-collection of user content or URLs without clear intent confirmation.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The instructions tell the agent to send a video URL and API credential to an external service but do not require any user-facing notice about third-party processing, privacy implications, or data handling. This is risky because users may not realize their content links and associated metadata are being transmitted off-platform to a commercial API.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal