Back to skill

Security audit

基于需求描述智能生成脚本和视频,让你的每个营销视频都出彩。适用于用户希望“把这个需求直接生成视频”时,通过API自动生成结果而非人工撰写。

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it automatically uses an embedded dashboard access token and has unclear account and data-handling boundaries.

Review before installing. Only use this skill if you are comfortable sending video requirements and optional image URLs to xiaonian.cc. The publisher should remove and rotate the embedded token, require explicit user-provided credentials, document what account is used and what data is retained, and constrain local downloads to safe output paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes built-in authentication and remote API usage, but no explicit permissions are declared despite network and environment capabilities being required. This weakens review-time visibility and can cause the agent to invoke a skill that transmits user data externally or accesses runtime secrets without clear authorization boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose is simple video generation, but the observed behavior includes hardcoded/default token-based authentication, optional credential-based login flow, and local file download/write capability. That mismatch is dangerous because it conceals sensitive operations from reviewers and users, increasing the chance of secret misuse, unauthorized account access, and unexpected persistence of generated content on disk.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The download helper fetches a URL returned by the remote service and writes it to an arbitrary local path provided by --out, with no validation of the destination path or source URL. If the remote API is compromised or influenced, this creates a path for arbitrary file overwrite in user-accessible locations and untrusted content download to disk.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are very broad and overlap with ordinary user requests such as 'generate a video' or 'make a video,' which can cause the skill to activate unexpectedly. In this skill, accidental activation is more serious because it sends content to a remote service and may create/download artifacts without the user understanding that an external workflow is being invoked.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly documents remote API-based generation and optional local file output, but does not warn users that their prompt content will be transmitted to an external service or that a video file may be saved to disk. This creates a privacy and consent risk, especially if user requests contain proprietary, personal, or regulated marketing content.

Missing User Warnings

High
Confidence
99% confidence
Finding
A hardcoded default bearer token is embedded directly in the script and used automatically when no environment variable is set. Embedded credentials are highly dangerous because they can be extracted from source control, reused by unauthorized parties, and silently grant access to the remote dashboard without user awareness.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.