Security audit

magic-text2video

Security checks across malware telemetry and agentic risk

Overview

This text-to-video skill does what it claims, but it sends the API key and user text to a remote service with TLS certificate checks disabled.

Install only after reviewing the risk: use a dedicated revocable MAGIC_API_KEY, avoid confidential or personal text, and treat the current client as unsafe on untrusted networks until TLS verification is restored. This does not appear malicious from the artifacts, but it needs review because the credential and prompt handling are under-protected.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Tainted flow: 'req' from os.environ.get (line 55, credential/environment) → urllib.request.urlopen (network output)

Critical

Category: Data Flow
Content: ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE with urllib.request.urlopen(req, timeout=timeout_s, context=ctx) as resp: raw = resp.read().decode("utf-8") return json.loads(raw) if raw else {} except urllib.error.HTTPError as e:
Confidence: 99% confidence
Finding: with urllib.request.urlopen(req, timeout=timeout_s, context=ctx) as resp:

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill invokes a Python client that requires an environment API key and submits user-provided text to a remote service, but the skill does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and hosting platforms may not realize the skill can access secrets and make outbound network requests, increasing the risk of unintended data exfiltration or misuse.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill description and guidance do not clearly warn that the user's full input text is transmitted immediately to an external video-generation service. Because users may paste sensitive scripts, prompts, or proprietary content, the lack of an upfront disclosure can lead to inadvertent privacy, confidentiality, or compliance violations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.