Back to skill

Security audit

Spark Media

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid image and video generation skill using a user-provided API key, with no hidden execution, exfiltration, or destructive behavior found.

Before installing, understand that generated media requests can spend account balance and will send prompts and any reference images or image URLs to the Spark Media service and its upstream provider. Confirm charges before generation, avoid sensitive content, and prefer uploaded files or clearly public URLs for references.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list contains broad, everyday phrases such as '画图', '做个视频', and repeated generic generation terms that are likely to match ordinary user requests and invoke the skill unintentionally. Because this skill sends prompts and possibly reference images to an external media service, accidental activation can cause unintended data disclosure, unwanted charges, and user confusion.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The skill mandates a fixed Chinese billing/output line ('本次扣费...余额...') without indicating that responses should follow the user's language preference. This can mislead users who do not read Chinese, especially when communicating billing or task status, reducing informed consent around paid external requests.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation says users can supply an external `image_url` as a reference image but does not warn that the backend service will fetch remote content on the user's behalf. That can expose request metadata such as source IP, timing, and user-supplied URLs to third-party hosts, and in some implementations can enable server-side request forgery or unintended access to internal resources if URL fetching is not tightly restricted.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.