kameo

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it bundles risky credential handling and publishes a live-looking API key, so users should review it before installing.

Install only if you are comfortable sending selected images and prompts to Kameo, and using Gemini for enhanced prompts. Do not use the API key shown in the documentation; create your own key and store it securely. Avoid running register.sh with real passwords until the password handling and credential storage flow are improved, and do not pass untrusted filenames or dialogue text to the current prompt-enhancement scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (23)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates use of environment variables, shell scripts, and network calls, but no permissions are declared. That creates a transparency and sandboxing problem because a caller may invoke a skill with broader capabilities than expected, including outbound network access and credential handling.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The stated purpose is simple video generation, but the documented behavior extends into account registration, API key creation, credential storage, credit checks, and third-party prompt enhancement with external vision models. This mismatch hides materially different security and privacy behaviors from users, increasing the chance of unintended credential creation, data disclosure, and broader account operations.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
Including registration helpers and API key creation steps expands the skill from content generation into account lifecycle management. That broader scope increases risk because it may lead users to create persistent credentials and accounts without clear boundary-setting or security disclosures.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script performs account registration, authentication, API key creation, and secret storage, which exceeds the stated talking-head video generation purpose. While likely intended as setup convenience, this expands the skill's trust boundary and handles sensitive credentials and tokens in a way users may not expect from the manifest description.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script persists the generated API key to ~/.config/kameo/credentials.json, creating local credential storage not justified by the advertised media-generation behavior. Persistent secret storage increases exposure if the host is shared, backed up insecurely, or later accessed by other tools or malware.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documented API call sends base64-encoded user images and prompts to a remote service, but the skill does not clearly warn users that potentially sensitive biometric or personal content will leave the local environment. Without explicit disclosure and consent, users may unknowingly transmit private images, voice/dialogue content, or regulated data to third parties.

Missing User Warnings

High
Confidence
99% confidence
Finding
The guide publishes a real-looking Kameo API key directly in environment-variable and config-file examples. Exposed secrets can be reused by anyone reading the documentation, leading to unauthorized API usage, billing abuse, quota exhaustion, and possible access to account-linked resources.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Passing a password as a shell positional argument exposes it to shell history, process listings, logging, and potentially other local users on shared systems. Even if used only for initial registration, this pattern trains insecure credential handling and increases the risk of account compromise.

Missing User Warnings

High
Confidence
99% confidence
Finding
The API reference includes a hardcoded live-looking API key in a curl example, which is a direct secret disclosure. Attackers can reuse such keys for unauthorized requests, consume credits, and potentially access or generate content under the victim account.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits the supplied image and dialogue content to Google's Gemini API, but only prints a generic 'Analyzing image with Gemini...' message and does not clearly obtain informed consent or warn about third-party data transfer. Because this skill processes potentially sensitive biometric imagery and user-provided speech content, users may unknowingly disclose personal data to an external service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script base64-encodes a local image and sends it, along with the user prompt, to a third-party remote API without any explicit privacy notice or confirmation step. In a media-generation skill this transmission is expected for functionality, but users may still unknowingly upload sensitive images or text, creating a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The signup flow sends the user's email and password to a remote Supabase authentication endpoint without an explicit warning or consent step. Even over HTTPS, silently collecting and transmitting credentials is security-sensitive and can mislead users about what data leaves their environment.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The login flow transmits credentials to an external auth service and then handles a bearer token, but the script does not clearly disclose this network transfer or token handling to the user. This is risky because it normalizes entering passwords into local scripts and broadens exposure of authentication material.

External Transmission

Medium
Category
Data Exfiltration
Content
### Generate Video

```bash
curl -X POST https://api.kameo.chat/api/public/generate \
  -H "X-API-Key: kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
98% confidence
Finding
curl -X POST https://api.kameo.chat/api/public/generate \ -H "X-API-Key: kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
### Generate Video

```bash
curl -X POST https://api.kameo.chat/api/public/generate \
  -H "X-API-Key: kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
98% confidence
Finding
https://api.kameo.chat/

External Transmission

Medium
Category
Data Exfiltration
Content
# Try signup first
echo "1. Attempting signup..."
SIGNUP_RESULT=$(curl -s -X POST "$SUPABASE_URL/auth/v1/signup" \
  -H "apikey: $SUPABASE_ANON_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"email\":\"$EMAIL\",\"password\":\"$PASSWORD\"}")
Confidence
83% confidence
Finding
curl -s -X POST "$SUPABASE_URL/auth/v1/signup" \ -H "apikey: $SUPABASE_ANON_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# If signup failed, try login
echo "2. Attempting login..."
LOGIN_RESULT=$(curl -s -X POST "$SUPABASE_URL/auth/v1/token?grant_type=password" \
  -H "apikey: $SUPABASE_ANON_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"email\":\"$EMAIL\",\"password\":\"$PASSWORD\"}")
Confidence
84% confidence
Finding
curl -s -X POST "$SUPABASE_URL/auth/v1/token?grant_type=password" \ -H "apikey: $SUPABASE_ANON_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# Create API key
echo "3. Creating Kameo API key..."
API_KEY_RESULT=$(curl -s -X POST "https://api.kameo.chat/api/public/keys" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"Generated via CLI"}')
Confidence
78% confidence
Finding
curl -s -X POST "https://api.kameo.chat/api/public/keys" \ -H "Authorization: Bearer $ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# Create API key
echo "3. Creating Kameo API key..."
API_KEY_RESULT=$(curl -s -X POST "https://api.kameo.chat/api/public/keys" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"Generated via CLI"}')
Confidence
78% confidence
Finding
https://api.kameo.chat/

Credential Access

High
Category
Privilege Escalation
Content
# Save to config
    mkdir -p ~/.config/kameo
    cat > ~/.config/kameo/credentials.json << EOF
{
  "api_key": "$KAMEO_KEY",
  "email": "$EMAIL"
Confidence
95% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
"email": "$EMAIL"
}
EOF
    chmod 600 ~/.config/kameo/credentials.json
    
    echo "✅ Saved to ~/.config/kameo/credentials.json"
    echo ""
Confidence
88% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
EOF
    chmod 600 ~/.config/kameo/credentials.json
    
    echo "✅ Saved to ~/.config/kameo/credentials.json"
    echo ""
    echo "Export for current session:"
    echo "  export KAMEO_API_KEY='$KAMEO_KEY'"
Confidence
86% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
echo ""
    
    # Save to config
    mkdir -p ~/.config/kameo
    cat > ~/.config/kameo/credentials.json << EOF
{
  "api_key": "$KAMEO_KEY",
Confidence
90% confidence
Finding
mkdir -p ~/.config/kameo cat > ~/.config/kameo/credentials.json << EOF { "api_key": "$KAMEO_KEY", "email": "$EMAIL" } EOF chmod 600 ~/.config/kameo/credentials.json echo "✅ Saved

VirusTotal

63/63 vendors flagged this skill as clean.
