Security audit

magic-image2video

Security checks across malware telemetry and agentic risk

Overview

This skill sends user-provided text and images to a remote video-generation service. That behavior is expected for its purpose, but the skill should not be used with sensitive files or private URLs.

Install only if you trust the Magiclight service with your API key, prompts, and any image files or URLs you provide. Avoid private local files, internal URLs, and confidential images unless you intentionally want them sent to the remote service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'req' from os.environ.get (line 124, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
put_url = image_put_url_resp.get("data", {}).get("put_url")
# put_url is a temporary upload address; the image must be uploaded to put_url
req = urllib.request.Request(put_url, data=image_content, method="PUT")
with urllib.request.urlopen(req, context=_get_ssl_context()) as resp:
    status = resp.getcode()
    if status != 200:
        raise Exception(f"Failed to upload image to put_url, status: {status}")
Confidence
91% confidence
Finding
with urllib.request.urlopen(req, context=_get_ssl_context()) as resp:

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
When --image starts with 'http', the script directly fetches the user-supplied URL. This creates a general outbound fetch capability that can be abused for SSRF-like access to internal services or to probe network-reachable resources from the environment where the skill runs, which is broader than merely submitting a media-generation task.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly supports local file paths and remote image URLs, yet the description does not warn that these inputs are sent to a third-party video service. This creates a meaningful privacy and data-handling risk because users may provide sensitive local files or internal URLs without informed consent, resulting in unintended disclosure to an external provider.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code fetches image content from arbitrary URLs or reads a local file, then uploads that content to a remote service without any explicit user-facing warning in the implementation. In an agent-skill context, this increases risk because users may not realize the skill can transmit local files or remotely retrieved content off the host.

VirusTotal

59/59 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.