tokenrouter-video-usaging

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Tokenrouter video-generation helper, but it can inspect local routing config, edit it, reload services, and use an existing Tokenrouter key for paid API calls.

Install only if you want an agent to inspect your local Tokenrouter configuration, make small routing edits, possibly reload the Tokenrouter service, and submit video-generation requests using the existing Tokenrouter key. Review any config diff first, confirm the key belongs to the intended account, and expect API calls to send prompts/images to Tokenrouter and potentially consume paid quota.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (14)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 77% confidence
Finding: The skill explicitly directs the agent to search the workspace for configuration files and inspect them for keys, channels, and model routes, but it does not declare permissions or clearly bound that read scope. Undeclared file-read capability increases the chance of overbroad access to sensitive configuration and credential material during execution.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to modify workspace configuration and possibly reload or restart services automatically, but it does not require explicit user approval before making those state-changing actions. This can cause unintended configuration drift, service disruption, or breakage in shared or production-like environments.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill tells the agent to reuse an existing configured key for outbound authentication without warning that it is handling a sensitive secret or that the secret will be transmitted to a third-party endpoint. This increases the risk of unreviewed credential use and accidental exfiltration from local configuration to an external service.

Ssd 3

High

Confidence: 98% confidence
Finding: The skill directs the agent to discover a channel key in workspace configuration and use it directly for authentication to an external API. This is dangerous because it turns local config discovery into credential harvesting and immediate external use, which can expose or misuse secrets without clear user consent.

Ssd 3

High

Confidence: 98% confidence
Finding: Repeatedly telling the agent to reuse the detected key exactly as configured reinforces direct secret extraction and external use as a normal workflow. The repetition makes misuse more likely and reduces the chance that an agent or user will pause to review whether the credential should be used for that destination.

Ssd 3

High

Confidence: 98% confidence
Finding: The API guidance explicitly says to use a matching channel's configured key directly for authentication, which operationalizes secret reuse from local files to a remote service. In a security context, this is a clear secret-handling flaw because it authorizes exfiltration and use of credentials discovered during file inspection.

Ssd 3

High

Confidence: 97% confidence
Finding: The execution pattern culminates in sending requests with a key found by scanning workspace configuration, combining credential discovery with outbound transmission in a single prescribed flow. That creates a high-risk path for unauthorized use of stored credentials and makes the skill substantially more dangerous than a read-only inspection tool.

External Transmission

Medium

Category: Data Exfiltration
Content: **Hailuo:** ```bash curl -X POST "https://api.tokenrouter.com/v1/video/generations" \ -H "Authorization: Bearer $DETECTED_CHANNEL_KEY" \ -H "Content-Type: application/json" \ -d '{
Confidence: 95% confidence
Finding: curl -X POST "https://api.tokenrouter.com/v1/video/generations" \ -H "Authorization: Bearer $DETECTED_CHANNEL_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "MiniMax-Hailuo-2.3"

External Transmission

Medium

Category: Data Exfiltration
Content: **Hailuo:** ```bash curl -X POST "https://api.tokenrouter.com/v1/video/generations" \ -H "Authorization: Bearer $DETECTED_CHANNEL_KEY" \ -H "Content-Type: application/json" \ -d '{
Confidence: 95% confidence
Finding: https://api.tokenrouter.com/

External Transmission

Medium

Category: Data Exfiltration
Content: **Kling text-to-video:** ```bash curl -X POST "https://api.tokenrouter.com/v1/video/generations" \ -H "Authorization: Bearer $DETECTED_CHANNEL_KEY" \ -H "Content-Type: application/json" \ -d '{
Confidence: 94% confidence
Finding: https://api.tokenrouter.com/

External Transmission

Medium

Category: Data Exfiltration
Content: **Kling image-to-video:** ```bash curl -X POST "https://api.tokenrouter.com/v1/video/generations" \ -H "Authorization: Bearer $DETECTED_CHANNEL_KEY" \ -H "Content-Type: application/json" \ -d '{
Confidence: 94% confidence
Finding: https://api.tokenrouter.com/

External Transmission

Medium

Category: Data Exfiltration
Content: **Seedance text-to-video:** ```bash curl -X POST "https://api.tokenrouter.com/v1/video/generations" \ -H "Authorization: Bearer $DETECTED_CHANNEL_KEY" \ -H "Content-Type: application/json" \ -d '{
Confidence: 94% confidence
Finding: https://api.tokenrouter.com/

External Transmission

Medium

Category: Data Exfiltration
Content: **Seedance image-to-video:** ```bash curl -X POST "https://api.tokenrouter.com/v1/video/generations" \ -H "Authorization: Bearer $DETECTED_CHANNEL_KEY" \ -H "Content-Type: application/json" \ -d '{
Confidence: 94% confidence
Finding: https://api.tokenrouter.com/

External Transmission

Medium

Category: Data Exfiltration
Content: Then: ```bash curl "https://api.tokenrouter.com/video/generations/$TASK_ID" \ -H "Authorization: Bearer $DETECTED_CHANNEL_KEY" ```
Confidence: 93% confidence
Finding: https://api.tokenrouter.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal