特看视频

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tekan/TopView media-generation skill, but users should understand that it stores service credentials locally and uploads selected media to an external AI service.

Install only if you are comfortable authorizing Tekan/TopView, storing its credentials on this machine, and sending chosen media files to that service. Get clear consent before cloning any person's voice or using face/voice media, avoid uploading sensitive files, use webhook URLs only when you trust the destination, and verify IDs before deleting boards or custom voices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (19)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This file implements account credit and benefit-consumption inspection features that are unrelated to the declared creative-generation purpose of the skill. In an agent-skill context, hidden or unjustified access to billing or usage data expands the skill's privilege surface and can expose sensitive account metadata to users or downstream workflows without clear need or consent.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code directly queries quota and benefit history endpoints using the authenticated client's token headers, giving the skill visibility into billing, quota, and task-consumption records. Because the stated skill purpose is media generation, this capability is unjustified by context and could be abused to enumerate sensitive account information, infer user activity patterns, or leak internal usage data.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README encourages activation from very broad natural-language requests instead of narrowly scoped, explicit intents. In an agent environment, this can cause the skill to activate on ambiguous user input and gain access to sensitive media-generation or account-backed actions the user did not clearly intend to invoke.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation language is expansive and includes catch-all phrases like using the skill for 'any creative content generation workflow,' which can overlap with ordinary conversation. This increases the risk of over-triggering, unintended tool use, and surprise execution of external operations on user content or stored credentials.

Missing User Warnings

High
Confidence
94% confidence
Finding
The README promotes voice cloning and states that login credentials are automatically saved locally, but provides no warning about privacy, consent, retention, or local secret protection. In this skill’s context, users may upload biometric voice data and authenticate a paid external service, creating meaningful risk of unauthorized cloning, credential compromise, or misuse of persisted tokens.

Vague Triggers

High
Confidence
94% confidence
Finding
The trigger description is extremely broad and includes catch-all phrases like using the skill for 'any creative content generation workflow' even when the user does not name the tool. Overbroad routing can cause accidental invocation in unrelated conversations, leading to unnecessary authentication prompts, external data transmission, or unintended use of powerful generation and account-linked features.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill promotes voice cloning, digital humans, and related media-generation workflows without any built-in notice about consent, impersonation risk, or rights to the source media. In this context, omission of these safeguards raises the likelihood of non-consensual cloning or deceptive content generation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation states that OAuth credentials will be saved to ~/.tekan/credentials.json but does not clearly disclose this storage behavior to the user as part of the consent flow. Silent local credential persistence increases the risk of credential exposure on shared machines, backups, or insecure file-permission settings.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation explicitly encourages supplying local image/audio paths, downloading generated videos to local files, and optionally sending completion callbacks to a webhook, but it does not clearly warn that these actions transmit user-provided media and metadata to an external service and may persist outputs locally. In a creative-media skill handling photos, voice, and avatar generation, this omission can cause users to unknowingly expose sensitive biometric or personal content to third parties and to arbitrary callback endpoints.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation exposes a destructive `delete` operation without any warning, confirmation requirement, or guidance to verify user intent. In an agent-driven workflow, this increases the chance of accidental or unauthorized deletion of boards and their associated generated assets, especially if the agent follows terse user prompts or misinterprets context.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill instructs the agent to present edit links to users but does not warn that these links may grant direct access to board content or editing functionality. If links are exposed in the wrong context, shared inadvertently, or logged, they could leak private generated media or enable unintended modification depending on server-side access controls.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly supports passing local product, face, and template images to a script that submits processing jobs, but it does not warn that these files may be uploaded to an external AI service. In an image-generation and avatar workflow, users may provide sensitive or personal data, so the lack of disclosure can cause unintended transfer of personal images and privacy/compliance issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation exposes a `--notice-url` webhook option without warning users that task completion metadata or result references will be sent to an external endpoint. In a media-processing skill that handles product images and generated assets, this can lead to unintended disclosure of task IDs, file URLs, or other workflow data if users supply third-party or attacker-controlled URLs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly says local image/video paths supplied in `--input-images` and `--input-videos` will be automatically uploaded, but it does not warn about remote transmission, privacy implications, or the risk of unintentionally sending sensitive local files to a third-party service. In a content-generation skill that accepts arbitrary local media paths, this increases the chance of accidental data exfiltration by users or downstream agents acting on their behalf.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation actively enables voice cloning from uploaded audio samples but provides no warning or gating around consent, impersonation risk, privacy, or the biometric sensitivity of voice data. In this skill’s context, that omission is more dangerous because the capability is directly tied to cloning a specific person’s voice, which can facilitate fraud, impersonation, and unauthorized biometric data processing.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The delete operation is documented without warning that removing a cloned/custom voice may be irreversible, which can cause accidental loss of user-created assets and make recovery difficult. While this is less severe than the cloning issue, the skill context still makes it meaningful because users may manage multiple custom voices and could unintentionally delete valuable voice models.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script can automatically upload local files via resolve_local_file and download remote video content into a user-specified output directory, but it provides no consent gate or prominent warning that local data will be transferred to an external service and files will be written to disk. In an agent setting, this increases the risk of unintended exfiltration of sensitive local files or unexpected filesystem modifications when the skill is invoked from natural-language requests.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The clone flow accepts a local audio path, resolves/uploads that file, and submits it to a remote voice-cloning API, but the script provides no explicit consent gate, privacy notice, or warning that potentially sensitive biometric voice data will leave the local environment. Because voiceprints and spoken content are highly sensitive, users may unknowingly transmit personal or third-party audio to an external service, creating privacy, compliance, and misuse risks.

Credential Access

High
Category
Privilege Escalation
Content
CLIENT_ID = "tkv-skill"
DEFAULT_SCOPE = "read:profile read:billing read:apikey"

CRED_FILE = Path.home() / ".tekan" / "credentials.json"
PENDING_FILE = Path.home() / ".tekan" / "pending_device.json"
LOGIN_TIMEOUT = 600  # 10 minutes, matching server-side expiry
Confidence
91% confidence
Finding
credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.
