Security audit

Tomoviee Text to Video

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Tomoviee/Wondershare text-to-video API helper with normal third-party API and credential-handling cautions, but no evidence of hidden or destructive behavior.

Install only if you intend to use Tomoviee/Wondershare OpenAPI. Use a dedicated API key, avoid sensitive prompts and internal callback URLs, do not share terminal output containing generated Basic tokens, and monitor provider quota or billing when generating videos.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill clearly performs outbound network operations to an external API gateway, but the metadata does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and hosting platforms may not realize the skill transmits prompts and related parameters off-platform, weakening consent and security review.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill description and usage guidance do not warn users that prompt text and optional callback URLs are sent to a third-party service. Users may include sensitive, proprietary, or personal data in prompts without understanding that it will be transmitted externally, and callback URLs can expose internal endpoints or tokens if misused.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The documentation explicitly encourages use of callback URLs and publicly accessible media URLs but does not warn that prompts, media references, task metadata, and generated results may be sent to external third-party infrastructure. In a skill that processes user-provided creative content, this can lead to unintended disclosure of sensitive user data or internal URLs if operators or downstream agents assume these fields are local-only or privacy-neutral.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The script accepts secrets via command-line arguments and prints a credential-derived Basic auth token directly to stdout. Command-line arguments can be exposed through shell history and process listings, and stdout may be captured in logs or terminal scrollback, increasing the risk of credential leakage.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
Passing app_key and app_secret via command-line arguments can expose secrets to local users, process listing tools, shell history, audit logs, and crash reporting systems. This is especially risky on shared hosts, CI runners, or managed environments where command lines are routinely captured.

Credential Access

Severity: High
Category: Privilege Escalation
Content:
    app_secret = sys.argv[2]

    token = generate_access_token(app_key, app_secret)
    print(f"Access Token: {token}")
    print(f"\nUse in Authorization header as: Basic {token}")
Confidence: 93%
Finding:
Access Token

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.