Back to skill

Security audit

Visla AI Video Creation

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Visla video-generation skill, with expected credential use and content uploads that users should understand before using it.

Install this only if you intend to use Visla and are comfortable sending selected scripts, URLs, documents, images, videos, or audio to Visla for processing. Use a dedicated Visla API key if possible, do not paste secrets into normal chat output, approve saved-credential access only when expected, and avoid confidential or regulated files unless your policies allow Visla processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill uses sensitive capabilities including environment-variable access, local file reads, network calls, and shell execution, but does not declare permissions explicitly. This weakens reviewability and consent boundaries because operators and users cannot easily see the full power the skill will exercise before it runs.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The declared description says the skill creates videos from scripts, URLs, or PPT/PDF and checks credits, but the instructions also support idea input, visual and speech uploads, avatar/voice enumeration, and broader account data access. This mismatch can cause the skill to be invoked in contexts the user did not expect, increasing the chance of unnecessary file access, data upload, or account exposure.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description uses broad trigger phrasing such as 'use when the user asks to generate a video' and similar language that could match many ordinary requests. Over-broad routing can cause the skill to activate unexpectedly and prompt for credentials, read local files, or upload user content to a third-party service without sufficiently precise intent matching.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This CLI transmits user-provided scripts, URLs, document references, and authenticated metadata to Visla's external API, and related flows later upload raw files to presigned URLs, but there is no explicit privacy or data-sharing warning at the point of use. In a skill context, users may not realize their content is being sent off-platform, which can lead to unintended disclosure of proprietary or sensitive materials.

External Transmission

Medium
Category
Data Exfiltration
Content
local result=""
    local curl_exit=0
    if [ "$method" = "GET" ]; then
        result=$(curl -sS -X GET "$full_url" \
            -H "Content-Type: application/json; charset=utf-8" \
            -H "User-Agent: $USER_AGENT" \
            -H "key: $VISLA_API_KEY" \
Confidence
91% confidence
Finding
curl -sS -X GET "$full_url" \ -H "Content-Type: application/json; charset=utf-8" \ -H "User-Agent: $USER_AGENT" \ -H "key: $VISLA_API_KEY" \ -H "ts: $ts

External Transmission

Medium
Category
Data Exfiltration
Content
-H "nonce: $nonce" \
            -H "sign: $sign" ${data:+-d "$data"} 2>&1) || curl_exit=$?
    else
        result=$(curl -sS -X POST "$full_url" \
            -H "Content-Type: application/json; charset=utf-8" \
            -H "User-Agent: $USER_AGENT" \
            -H "key: $VISLA_API_KEY" \
Confidence
91% confidence
Finding
curl -sS -X POST "$full_url" \ -H "Content-Type: application/json; charset=utf-8" \ -H "User-Agent: $USER_AGENT" \ -H "key: $VISLA_API_KEY" \ -H "ts: $t

External Transmission

Medium
Category
Data Exfiltration
Content
esac

    local upload_response
    upload_response=$(curl -s -w "%{http_code}" -X PUT "$upload_url" \
        -H "Content-Type: $content_type" \
        -H "User-Agent: $USER_AGENT" \
        --data-binary "@$file") || {
Confidence
89% confidence
Finding
curl -s -w "%{http_code}" -X PUT "$upload_url" \ -H "Content-Type: $content_type" \ -H "User-Agent: $USER_AGENT" \ --data-binary

External Transmission

Medium
Category
Data Exfiltration
Content
esac

    local upload_response
    upload_response=$(curl -s -w "%{http_code}" -X PUT "$UPLOAD_URL" \
        -H "Content-Type: $content_type" \
        -H "User-Agent: $USER_AGENT" \
        --data-binary "@$file") || {
Confidence
89% confidence
Finding
curl -s -w "%{http_code}" -X PUT "$UPLOAD_URL" \ -H "Content-Type: $content_type" \ -H "User-Agent: $USER_AGENT" \ --data-binary

Session Persistence

Medium
Category
Rogue Agent
Content
**Version: 260501-1423**

Create AI-generated videos from text scripts, web URLs, or documents (PPT/PDF) using Visla's OpenAPI.

## Before You Start
Confidence
88% confidence
Finding
Create AI-generated videos from text scripts, web URLs, or documents (PPT/PDF) using Visla's OpenAPI. ## Before You Start **Credentials** (NEVER output API keys/secrets in responses): **IMPORTANT**

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.