Hair Makeover Video

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeryAI hair-makeover video generator that uses an API key and paid credits only after user confirmation.

Install only if you trust the publisher and are comfortable giving the skill WERYAI_API_KEY. Expect your prompts and any public image URLs to be sent to WeryAI, and only confirm generation when you are ready to spend WeryAI credits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The implicit trigger test uses a broad natural-language prompt about a hairstyle transformation without clear boundaries tying activation specifically to this skill. That can cause over-triggering on general haircut, fashion, or transformation requests, leading the agent to invoke the skill unexpectedly and expand its operational scope beyond intended user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal