AI Dance Video Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Media.io API helper for generating dance videos, with expected third-party media sharing and credit-use considerations but no hidden code or local persistence.

Install only if you are comfortable using a Media.io API key and potentially spending Media.io credits. Use media you own or are authorized to share, and avoid private or sensitive image/video URLs unless you accept Media.io processing and public preview-link behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to submit image and video URLs to Media.io and later return hosted output URLs, but it does not clearly warn that user media and generated assets are transmitted to and stored by a third-party service. This can cause users to unknowingly disclose sensitive media or private URLs to an external processor, creating privacy, consent, and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal