Weryai Video Generator
Security checks across malware telemetry and agentic risk
Overview
The skill’s stated video-generation purpose is coherent, but its executable scripts delegate most real behavior to shared core files outside the reviewed artifact, so users cannot fully verify what receives their API key and media inputs from this package alone.
Review this carefully before installing. The visible skill is consistent with a WeryAI video generator, but it depends on external shared core code not included in the package; only install it if you trust that runtime core and the WeryAI API endpoint. Use a scoped WERYAI_API_KEY if available, avoid submitting sensitive media, and do not override the API base URLs unless you control or trust the destination.
SkillSpector
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
57/57 vendors flagged this skill as clean.