Back to skill

Security audit

free-kameo

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill appears related to its purpose, but it handles credentials in risky ways and includes a live-looking API key in its documentation.

Review before installing. Use your own Kameo key, do not reuse any key shown in the docs, avoid passing passwords as command-line arguments, and assume prompts/images may be sent to Kameo and optionally Google Gemini. If you run the registration helper, check and protect or delete ~/.config/kameo/credentials.json afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (21)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documents use of environment variables, shell scripts, and outbound network access but does not declare corresponding permissions. This creates a transparency and consent problem because an agent or user may invoke capabilities that transmit data or access secrets without an explicit permission model.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The advertised purpose is simple video generation, but the documentation indicates materially broader behavior: account registration/login flows, API key creation, local credential storage, credit checks, and optional transmission of images to third-party vision services. That mismatch is dangerous because users may authorize a narrow media task while the skill performs identity, credential, and data-handling operations beyond their expectations.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The documentation includes a hardcoded live-looking API key and instructions for JWT/account setup, which strongly suggests secret exposure or unsafe secret-handling practices. If the key is valid, third parties could consume credits or access the associated account; even if invalid, normalizing real-looking secrets in docs leads to accidental reuse and leakage.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
Authentication examples show an actual-looking API key both in an export command and in request headers, encouraging insecure copy-paste behavior and exposing credentials in plain text. This can lead to credential theft through logs, shell history, screenshots, and repository indexing.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
This helper goes well beyond a simple media-generation skill by creating accounts, authenticating users, minting API keys, and persisting credentials locally. While that may support use of the service, it materially expands the trust boundary and introduces credential-handling risk that is not clearly justified by the skill's stated purpose.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script creates a long-lived API credential and stores it on disk, increasing exposure if the host is compromised, backups are accessible, or logs reveal the key. Provisioning and persistence of reusable credentials is a sensitive capability and is broader than necessary for one-off video generation operations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill states that images and prompts are sent to a remote API but provides no privacy, retention, or third-party data-sharing warning. Because user images may contain biometric or sensitive personal data, omission of this disclosure can cause unintended exposure and compliance risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The prompt-enhancement workflow recommends sending user images to external vision providers, creating an additional disclosure path beyond the core Kameo service. Without explicit warning and consent, users may unknowingly share sensitive images and metadata with multiple third parties.

Missing User Warnings

High
Confidence
99% confidence
Finding
The usage guide exposes what appears to be a live Kameo API key in environment-variable, config-file, and curl examples. Embedded secrets can be harvested by anyone with repository access and abused to consume credits, impersonate the account, or access associated API resources.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Passing email and password as positional command-line arguments risks exposing credentials through shell history, process listings, terminal logging, and audit systems. This is especially unsafe in shared environments, CI runners, or multi-user systems.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script transmits user-supplied image content to Google's Gemini API for analysis, but the interface text does not clearly warn that the image data will leave the local environment and be processed by a third party. In a media-generation skill handling personal photos and spoken dialogue, this creates a real privacy and compliance risk because users may unknowingly submit sensitive biometric or personal content to an external service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends a user-supplied email and password to remote authentication endpoints without prominently warning the user that their credentials will be transmitted and processed by third-party services. In a CLI context, users may not realize the sensitivity of command-line password entry or the destination of the credentials.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script silently persists the generated API key to a local file, creating residual credential exposure without first obtaining user approval. Even with restrictive file permissions, local storage can be harvested by malware, exposed through backups, or mishandled by users unaware the secret was written to disk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Printing the API key directly to stdout risks disclosure through terminal logging, screen recording, shell session capture, CI logs, or shared consoles. Sensitive secrets should not be echoed in plaintext unless the user explicitly requests it and understands the exposure.

External Transmission

Medium
Category
Data Exfiltration
Content
## API Details

**Base URL:** `https://api.kameo.chat/api/public`

### Generate Video
Confidence
84% confidence
Finding
https://api.kameo.chat/

External Transmission

Medium
Category
Data Exfiltration
Content
curl -H "X-API-Key: kam_..." https://api.kameo.chat/api/public/credits

# 生成视频
curl -X POST https://api.kameo.chat/api/public/generate \
  -H "X-API-Key: kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs" \
  -H "Content-Type: application/json" \
  -d @request.json
Confidence
98% confidence
Finding
https://api.kameo.chat/

Credential Access

High
Category
Privilege Escalation
Content
# 或保存到配置文件
mkdir -p ~/.config/kameo
cat > ~/.config/kameo/credentials.json << EOF
{
  "api_key": "kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs"
}
Confidence
98% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
# Save to config
    mkdir -p ~/.config/kameo
    cat > ~/.config/kameo/credentials.json << EOF
{
  "api_key": "$KAMEO_KEY",
  "email": "$EMAIL"
Confidence
92% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
EOF
    chmod 600 ~/.config/kameo/credentials.json
    
    echo "✅ Saved to ~/.config/kameo/credentials.json"
    echo ""
    echo "Export for current session:"
    echo "  export KAMEO_API_KEY='$KAMEO_KEY'"
Confidence
93% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
export KAMEO_API_KEY="kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs"

# 或保存到配置文件
mkdir -p ~/.config/kameo
cat > ~/.config/kameo/credentials.json << EOF
{
  "api_key": "kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs"
Confidence
91% confidence
Finding
mkdir -p ~/.config/kameo cat > ~/.config

Session Persistence

Medium
Category
Rogue Agent
Content
echo ""
    
    # Save to config
    mkdir -p ~/.config/kameo
    cat > ~/.config/kameo/credentials.json << EOF
{
  "api_key": "$KAMEO_KEY",
Confidence
91% confidence
Finding
mkdir -p ~/.config/kameo cat > ~/.config/kameo/credentials.json << EOF { "api_key": "$KAMEO_KEY", "email": "$EMAIL" } EOF chmod 600 ~/.config/kameo/credentials.json echo "✅ Saved

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal, suspicious.potential_exfiltration

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:32

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
USAGE.md:9

Shell script base64-encodes a local file and sends it over the network.

Critical
Code
suspicious.potential_exfiltration
Location
scripts/generate_video.sh:57